Hi!
A serious security issue has been discovered in our bundled library XML-RPC. This issue allows for possible remote code execution.
We have upgraded the XML-RPC component to the fixed version and released Serendipity 0.8.2. The old SourceForge CVS HEAD branch now contains 0.8.2, and the SVN branches 0.8 and trunk also contain the changes.
The files can be found here:
http://www.s9y.org/12.html
or
http://sourceforge.net/project/showfile ... p_id=75065
Every user is urged to upgrade. As a temporary hotfix you can delete your
serendipity_xmlrpc.php file so that your blog will not easily allow execution of maliclius XML-RPC method calls.
We are very sorry for this inconvenience and need to point out that many PHP applications using this common XML-RPC PEAR class are affected by this bug. Please check your webspace for any outdated versions of that PEAR class and upgrade other related applications as soon as possible. Also read http://secunia.com/advisories/15852/.
Regards,
Garvin
Announcement: Seroius Serendipity 0.8.2 update
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Announcement: Seroius Serendipity 0.8.2 update
Last edited by garvinhicking on Thu Aug 04, 2005 6:21 pm, edited 1 time in total.
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/