Thread: [Phpwebsite-security] Security Patch

A security vulnerability was brought to our attention recently and we
have posted a patch to resolve this issue.  The patch can be downloaded
from here:

http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-security-patch2.tar.gz
md5sum: fcefda44a8d691c844593d815479a1ce

This patch should only be applied to versions 0.9.3-2 or greater.  All
you need to do is untar the file in the base directory of your
phpwebsite install.

Thanks to Maestro De-Seguridad for bringing this problem to our
attention.

We will discuss the security hole in more detail after people have had a
chance to apply the patch.


The phpWebSite Development Team

-- 
Steven Levin
Computer Systems Admin I
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Diabolic Crab, an independent security researcher at Hackers Center has
revealed some security weaknesses in phpWebSite. Mr. Crab was kind
enough to contact us before these holes become public knowledge.

Please download the security patch and untar it in your phpWebSite
version 0.10.1 installation directory.

http://phpwebsite.appstate.edu/downloads/security/phpwebsite_security_patch_20050705.2.tgz


-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

On Thu, 2004-11-11 at 10:54 -0500, Steven Levin wrote:
> A security vulnerability was brought to our attention recently and we
> have posted a patch to resolve this issue.  The patch can be downloaded
> from here:
> 
> http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-security-patch2.tar.gz
> md5sum: fcefda44a8d691c844593d815479a1ce
> 
> This patch should only be applied to versions 0.9.3-2 or greater.  All
> you need to do is untar the file in the base directory of your
> phpwebsite install.
> 
> Thanks to Maestro De-Seguridad for bringing this problem to our
> attention.
> 
> We will discuss the security hole in more detail after people have had a
> chance to apply the patch

A small issue was found with the first security patch, nothing major.
Please download the latest version and apply.

http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-
security-patch2.tar.gz
md5sum: d41d8cd98f00b204e9800998ecf8427e

Sorry for any inconvenience.

Thanks
phpWebSite Development Team

-- 
Steven Levin
Computer Systems Admin I
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu

Sorry Everyone I am having a real bad day :(  File I just emailed about
was 0 bytes.

http://phpwebsite.appstate.edu/downloads/security/phpwebsite-core-
security-patch2.tar.gz
md5sum: 1b3153eed4c026289f8744f65e8b922a

Just untar in you phpwebsite base.
-- 
Steven Levin
Computer Systems Admin I
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu