[IPS News] IP.Gallery 4.2.x and 5.0.x Security Update

[NewsBot]

<p><span style="font-size:18px;"><strong>Security Update: 7th February 2013</strong></span><br><br>

A cross-site-scripting (XSS) exploit has been discovered in IP.Gallery. We are releasing a security update for versions 4.2.x and 5.0.x today to patch this issue.<br><br><strong>Instructions:</strong></p>

<p><br>

Patching is very easy.</p>

<ol><li>Identify the version of IP.Gallery you are running.</li>

<li>Download and unzip the appropriate patch file below that matches your version.</li>

<li>Upload the contents of the zip to your /public/js directory, overwriting the existing file.</li>

</ol><p>IP.Gallery 4.2.x<br>

<a href="http://community.invisionpower.com/index.php?app=core&module=attach&section=attach&attach_id=48115" title="Download attachment"><img src="http://community.invisionpower.com/public/style_extra/mime_types/zip.gif" alt="Attached File" /></a>

 <a href="http://community.invisionpower.com/index.php?app=core&module=attach&section=attach&attach_id=48115" title="Download attachment"><strong>ipg42_feb13.zip</strong></a>   <span class='desc'><strong>831bytes</strong></span>

  <span class="desc lighter">10 downloads</span><br><br>

IP.Gallery 5.0.x<br>

<a href="http://community.invisionpower.com/index.php?app=core&module=attach&section=attach&attach_id=48116" title="Download attachment"><img src="http://community.invisionpower.com/public/style_extra/mime_types/zip.gif" alt="Attached File" /></a>

 <a href="http://community.invisionpower.com/index.php?app=core&module=attach&section=attach&attach_id=48116" title="Download attachment"><strong>ipg5_feb13.zip</strong></a>   <span class='desc'><strong>2.41K</strong></span>

  <span class="desc lighter">34 downloads</span><br><br><strong>Notes:</strong></p>

<ul><li>When you apply the security update the bulletin in your AdminCP will still display. We keep the bulletin in place for at least a week after a security release.</li>

<li>Our main software packages accessed via the client area have already been updated with this security update.</li>

</ul><p> </p>

<p> </p>

<p><em>Our thanks to Mohamed Ramadan ( Attack-Secure.com / <a href='https://www.invisionpower.com/clients/index.php?app=nexus&module=support&section=redirect&url=https%3A%2F%2Ftwitter.com%2FAttack_Secure&key=94734d92f88bcc6b8b8ebf582eeceb885916bd84&resource=' class='bbc_url' title='External link' rel='nofollow external'>https://twitter.com/Attack_Secure</a> ) for bringing this to our attention.</em></p>

Zobacz cały news