Contribs.org

Please login or register.

Login with username, password and session length

News:

SME Future discussions are ongoing on devinfo. See  here

Pages: [1]   Go Down

Author Topic: Security update, SME8.# SME9.# and SME10Alpha - bad redirection parameter  (Read 166 times)

TerryF

  • Home away from home
  • ****
  • Offline Offline
  • Posts: 701

Invalidated redirect - Possible account hijack via unvalidated redirect in the login URL 'back' parameter

Fixed in: e-smith-manager-2_6_0-14_el6_sme sme9
Fixed in: e-smith-manager-2_2_0-13_el5_sme sme8
Fixed in: e-smith-manager-2_8_0-15_el7_sme sme10

fix bad redirection parameter that might reveal session information to remote site, bugs 9920, 9923, 9924

Update is syncing to release mirrors now.

# yum update e-smith-manager or just a yum update
Logged
--
qui scribit bis legit
Pages: [1]   Go Up
 

Page created in 0.042 seconds with 24 queries.