Geeklog 1.4.0sr1 and 1.3.11sr4
- Sunday, February 19 2006 @ 03:30 pm EST
- Contributed by: Dirk
James Bercegay of GulfTech Security Research reported several issues with Geeklog's cookie handling that made it vulnerable to SQL injections, arbitrary file access, and even injection and execution of arbitrary code. To fix those issues, we are releasing Geeklog 1.4.0sr1 and 1.3.11sr4 and strongly suggest that you install those updates as soon as possible.
For Geeklog 1.4.0, there's the complete 1.4.0sr1 tarball as well as an upgrade archive containing only the necessary changes over 1.4.0.
To upgrade from Geeklog 1.3.11sr3, use the 1.3.11sr4 upgrade archive. If you're running on an older 1.3.11 release, you will have to install the previous updates first. You can, of course, always choose to update to 1.4.0sr1 directly, following the usual upgrade instructions.
Upgrading to 1.4.0sr1 is also what we suggest to anyone using a Geeklog version older than 1.3.11, as the reported issues also affect all earlier versions.