Contribs.org

Please login or register.

Login with username, password and session length

News:

Remember SME Server is currently free to download and use. But it is not free to build. You can help by making a donation of time OR money from the links below.

Pages: [1]   Go Down

Author Topic: Security update, SME8.# SME9.# and SME10Alpha - bad redirection parameter  (Read 383 times)

TerryF

  • Silver Supporter
  • *
  • Offline Offline
  • Posts: 745

Invalidated redirect - Possible account hijack via unvalidated redirect in the login URL 'back' parameter

Fixed in: e-smith-manager-2_6_0-14_el6_sme sme9
Fixed in: e-smith-manager-2_2_0-13_el5_sme sme8
Fixed in: e-smith-manager-2_8_0-15_el7_sme sme10

fix bad redirection parameter that might reveal session information to remote site, bugs 9920, 9923, 9924

Update is syncing to release mirrors now.

# yum update e-smith-manager or just a yum update
Logged
--
qui scribit bis legit
Pages: [1]   Go Up
 

Page created in 0.03 seconds with 24 queries.