Contribs.org

Please login or register.

Login with username, password and session length

News:

SME Future discussions are ongoing on devinfo. See  here

Pages: [1]   Go Down

Author Topic: Security update, SME8.# SME9.# and SME10Alpha - bad redirection parameter  (Read 253 times)

TerryF

  • Silver Supporter
  • *
  • Online Online
  • Posts: 725

Invalidated redirect - Possible account hijack via unvalidated redirect in the login URL 'back' parameter

Fixed in: e-smith-manager-2_6_0-14_el6_sme sme9
Fixed in: e-smith-manager-2_2_0-13_el5_sme sme8
Fixed in: e-smith-manager-2_8_0-15_el7_sme sme10

fix bad redirection parameter that might reveal session information to remote site, bugs 9920, 9923, 9924

Update is syncing to release mirrors now.

# yum update e-smith-manager or just a yum update
Logged
--
qui scribit bis legit
Pages: [1]   Go Up
 

Page created in 0.049 seconds with 24 queries.