[slides-announce] SECURITY ALERT: slidePresenter-0.40-beta
From: Allen S. <as...@us...> - 2007-06-29 20:40:52
This is a security alert regarding slidePresenter-0.40-beta.

As released, slidePresenter-0.40-beta contains a security flaw in which certain server-executable .php files may be overwritten by an attacker having write-access to the web server. Although no known flaws in slidePresenter provide that access, I have no way of confirming the same is true of all other services running on your web server. Therefore, all users of slidePresenter-0.40-beta are encouraged to discontinue its use and revert to the latest stable version (slidePresenter-0.33) until this vulnerability has been patched.

To prevent further distribution of the vulnerable code, slidePresenter-0.40-beta has been removed from the download site at sourceforge.net; all other previously released versions are still available. Subscribers to the slides-announce list will be notified when a patched version has been released.

--
Allen Shaw
Polymer (http://polymerdb.org)
slidePresenter (http://slides.sourceforge.net)