IP.Gallery 4.2.x-5.0.x Security Update



#1 IpbZona Bot

Posted 15 January 2014 - 19:37

We are releasing security patches for IP.Gallery 4.2.1 and IP.Gallery 5.0.5 to address a potential cross-site scripting issue related to the acceptance of SWF uploads.

SWF (Shockwave Flash) is a file format used to embed flash movies in HTML documents, and when media files are accepted in IP.Gallery, SWF uploads are allowed.  Because SWF files allow arbitrary script to execute within the context of the site they are hosted on, we are releasing a patch today which disables SWF files from being accepted by IP.Gallery by default.  You may still allow SWF files after installing this patch by following the instructions in [hidden content: log in or register to view], however we strongly recommend that you do not allow SWF submissions unless only trusted users are able to submit movies in your IP.Gallery installation.

To apply the patch, please perform the following steps:

  • Identify which version of IP.Gallery you are running.
  • Download the appropriate patch file below
  • Extract the contents locally on your computer
  • Upload the contents of the "upload" folder to your forum root directory (where conf_global.php is located), overwriting any files when prompted. Please refer to [hidden content: log in or register to view] if you are unfamiliar with using FTP to transfer files to your server.

If you are an IPS Community in the Cloud customer running IP.Gallery 4.2.1 or above, no further action is necessary; we have already automatically patched your account. If you are using a version older than IP.Gallery 4.2.1, you should contact support to upgrade.

If you are running IP.Gallery 4.2.1, please use the following zip:

[hidden content: log in or register to view] (5.01KB)

If you are running IP.Gallery 5.0.5, please use the following zip:

[hidden content: log in or register to view] (5.6KB)

As of the time of this post, the full IP.Gallery package in our client center has been updated.

If you are running any version of IP.Gallery that is not listed above, we recommend that you upgrade to the latest version to obtain these security fixes, as well as several other security and bug fixes.



We would like to thank Vasil A (Bulgaria) for bringing the vulnerability to our attention.     
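An added example, not part of the original post and not IP.Gallery code: a Python audit that lists SWF files in an upload directory by header signature as well as by extension, for administrators who want to review what was accepted before SWF uploads were disabled. The function names and the sample files are constructed for illustration; point `audit_uploads` at your own upload directory.

```python
import struct
import tempfile
from pathlib import Path

# SWF header: 3-byte signature, 1-byte version, 4-byte little-endian file length.
# FWS = uncompressed, CWS = zlib-compressed, ZWS = LZMA-compressed.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")

def sniff_swf(header: bytes):
    """Return (signature, version, declared_length) for SWF content, else None."""
    if len(header) < 8 or header[:3] not in SWF_SIGNATURES:
        return None
    version = header[3]
    (declared_length,) = struct.unpack("<I", header[4:8])
    return header[:3].decode("ascii"), version, declared_length

def audit_uploads(root):
    """Return sorted (relative_path, reason) pairs for SWF files under root."""
    # reason "content": the bytes carry an SWF signature, whatever the name is.
    # reason "extension": only the file name says .swf (e.g. empty or truncated).
    root = Path(root)
    findings = []
    for path in (p for p in root.rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            is_swf = sniff_swf(fh.read(8)) is not None
        rel = path.relative_to(root).as_posix()
        if is_swf:
            findings.append((rel, "content"))
        elif path.suffix.lower() == ".swf":
            findings.append((rel, "extension"))
    return sorted(findings)

def build_sample_tree(root):
    """Write constructed sample files (not real uploads) for the demo."""
    samples = {
        "movie.swf": b"CWS\x0a" + struct.pack("<I", 1024) + b"\x00" * 16,
        "album/avatar.jpg": b"FWS\x09" + struct.pack("<I", 512) + b"\x00" * 16,
        "album/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 20,
        "empty.swf": b"",
    }
    for name, data in samples.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in audit_uploads(tmp):
            print(f"{reason:9} {rel}")
```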

