From dirk at haun-online.de Sun Aug 30 13:16:18 2009
From: dirk at haun-online.de (Dirk Haun)
Date: Sun, 30 Aug 2009 19:16:18 +0200
Subject: [geeklog-announce] Geeklog 1.6.0sr2 and FCKeditor-related issues
Message-ID: <20090830171618.1883632104@smtp.haun-online.de>

An insecure configuration allowed unauthorized direct file uploads through
FCKeditor. While this did not pose a threat for the security of a Geeklog
site, it was apparently used to deposit malware on some Geeklog sites.

Geeklog 1.6.0sr2 fixes this problem and is now available for download. For
details, please see

http://www.geeklog.net/article.php/geeklog-1.6.0sr2

We have also received reports of hacked Geeklog sites where, apparently,
older vulnerabilities in FCKeditor have been exploited. We strongly suggest
checking that you're running the latest version of FCKeditor (2.6.4.1). If
you don't use it, you can simply remove the "fckeditor" directory from your
webspace.

We are also providing a drop-in replacement for older Geeklog versions:

http://www.geeklog.net/filemgmt/index.php?id=971

-- 
http://www.geeklog.net/
http://geeklog.info/