Advanced search  

News:

cpg1.5.46 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: HOTFIX for Apache's RAR/PHP Vulnerability - IMPORTANT!  (Read 12654 times)

0 Members and 1 Guest are viewing this topic.

Paver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1608
  • Paul Van Rompay
HOTFIX for Apache's RAR/PHP Vulnerability - IMPORTANT!
« on: June 11, 2006, 07:00:56 am »

There is a very serious vulnerability in the Apache webserver that is actually a "feature" which can be helpful for some people, but can also expose many people to a security breach, the current one being the "Apache RAR Exploit".  Your Coppermine gallery and any other PHP applications that allow uploads are open to abuse unless each application addresses this vulnerability/feature of Apache's processing of PHP files.

Read more about it here:
Coppermine-driven galleries hit by RAR exploit

Coppermine 1.4.6 was the first release to address this, and versions after this include the fix as well:
Maintenance release CPG1.4.6 protects against Apache's .rar vulnerability

You are strongly recommended to upgrade to the current version, as of this writing, 1.4.8.  We remind you that support for the 1.3.x series is running out.  Upgrading is clearly detailed in the documentation, along with upgrading any custom 1.3 themes.  Most of the popular 1.3 themes have been converted to the 1.4 theme system.  In addition, the new plugin system in 1.4 allows added features to the Coppermine core *without* hacking the scripts as was necessary in the 1.3.x series.  Many plugins are being written and are starting to replace popular hacks/mods.

Please consider performing an upgrade to your 1.3 gallery soon!

Unless you upgrade immediately, you are strongly recommended to apply the following hotfix to your 1.3 gallery to remove the exposure of your gallery to the currently popular "RAR Exploit", which allows someone to inject code into your site and do lots of nasty things.

Attached to this post is a ZIP file containing the hotfix.  Read the file "HOTFIX_readme.txt" and follow the instructions.  If you have questions or problems, reply to this post.
« Last Edit: October 01, 2006, 10:06:59 am by GauGau »
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.