Security update for Freetag Plugin

Thursday, August 27. 2009
Posted by Garvin Hicking in Announcements, Security

Comments (4)
Trackbacks (0)

Thanks to Niels Provos we have been informed of a security issue in the Serendipity Freetag plugin (serendipity_event_freetag). Versions up to 3.08 contained a bug that was not properly escaping a GET variable used in an SQL statement, leading to a possible SQL injection attack.

The impact of this is considered to be low, as the query used is only for displaying Meta keywords inside a blog entry, and usual mysql-Client libraries to not allow to execute multiple stacked SQL queries to drop tables etc.

Nevertheless, you should upgrade this plugin version. It is available on Spartacus, or for manual download.


Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

Thanks for that info, I wondered about it already!
#1 Marc (Homepage) on 2009-09-02 00:12 (Reply)
would be nice to have a security mailing list for such things.
#2 ameno on 2009-09-07 01:47 (Reply)
You can all subscribe to the "Security" category's RSS feed!

There are also services that sends you RSS feeds via mail, if you prefer that over a RSS client.
#3 Garvin (Homepage) on 2009-09-07 09:17 (Reply)
Just installed it on the test server for the relaunch of our blog - up to now everything works perfectly fine. Keep the fingers crossed!
#4 Markus (Homepage) on 2009-09-16 18:40 (Reply)

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed
 
 
 
 

Frontpage - Top level

 

Quicksearch


Categories


All categories

Archives


SVN/CVS state

The current nightly/SVN trunk state is: testing 1.6

Recommendation(s): Use 1.5.1 release

Please report issues and bugs on our Bugtracker. Your help is very much appreciated.


Syndicate This Blog


More RSS Feeds

Event Plugins
Sidebar Plugins
SVN/CVS commits
Serendipity around the world

Handbuch für Serendipity


Das offizielle, umfassende Serendipity-Handbuch für Einsteiger und Profis ist nun im Handel und kann online bei Amazon oder Open Source Press bestellt werden, oder auch bei jedem Buchhändler.