Security Patch released for Newscoop 4.1
-
We have released a patch for a security issue in Newscoop 4.1. This patches a cross-site scripting vulnerability in Newscoop which can be exploited to
execute arbitrary script code in a user's browser session in context of an affected site.
It’s not an easy one to exploit but patching is strongly recommended. It affects all versions of Newscoop 4.0.x and 4.1.0.
How To Fix
1. Download it.
2. Patch it.
$ cd /path/to/your/newscoop-directory/
$ patch -p1 < /path/to/patch-file
All customers whose instances are hosted by Sourcefabric are already protected and need to take no action.
Thanks to Pawel Haldrzynski who found the issue and got in touch via Secunia SVCRP. Here’s the link to the commit in Github that fixes the issue.
If you are unsure of how to apply this fix or whether you affected, please mail contact@sourcefabric.org immediately.
Best, AdamPost edited by Adam Thomas at 2013-02-01 09:11:01
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- All Discussions8,397
- Sourcefabric
- ↳ Announcements25
- Newscoop
- ↳ Newscoop Support2,189
- ↳ Newscoop Development722
- ↳ Newscoop Security13
- ↳ Newscoop Documentation17
- ↳ Newscoop Themes69
- Airtime
- ↳ Airtime Support3,139
- ↳ Airtime Development1,286
- ↳ Airtime Français146
- ↳ Airtime Documentation14
- ↳ Airtime Hacks102
- ↳ Promote your station!37
- ↳ Airtime Security11
- Booktype
- ↳ Booktype Support277
- ↳ Booktype Development55
- ↳ Booktype Documentation7
- Superdesk
- ↳ Superdesk Development264
- ↳ Web Publisher21
Poll
No poll attached to this discussion.Top Posters
-
Albert FR
1978
-
Martin Konecny
1860
-
Andrey Podshivalov
1526
-
Voisses Tech
1423
-
John Chewter
899
-
Daniel James
844
-
Roger Wilco
784
-
hoerich
627
-
Paul Baranowski
389
-
Cliff Wang
339