Koozali.org: home of the SME Server

Security update, SME8.#, SME9.# and SME10Alpha - bad redirection parameter

TerryF

Invalidated redirect - Possible account hijack via unvalidated redirect in the login URL 'back' parameter

Fixed in: e-smith-manager-2_6_0-14_el6_sme sme9
Fixed in: e-smith-manager-2_2_0-13_el5_sme sme8
Fixed in: e-smith-manager-2_8_0-15_el7_sme sme10

fix bad redirection parameter that might reveal session information to remote site, bugs 9920, 9923, 9924

Update is syncing to release mirrors now.

# yum update e-smith-manager or just a yum update
qui scribit bis legit
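
Added example, not part of the original post and not the e-smith-manager patch: one way a login handler can validate a 'back' parameter so that the redirect can only land on a local path. The function name, the default landing path and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed post-login landing path (placeholder, not taken from the package).
DEFAULT_TARGET = "/server-manager/"


def safe_back_target(back, default=DEFAULT_TARGET):
    """Return `back` only if it is a local absolute path, else `default`."""
    if not back:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so
    # refuse such input outright instead of trying to normalise it.
    if "\\" in back or any(ord(c) < 0x20 or ord(c) == 0x7F for c in back):
        return default
    try:
        parts = urlsplit(back)
    except ValueError:  # malformed authority, e.g. an unclosed "["
        return default
    # A scheme or a host means the browser would leave this site, taking
    # whatever the login flow appended to the URL along with it.
    if parts.scheme or parts.netloc:
        return default
    # Require a single leading slash: "//host/path" is scheme-relative.
    if not back.startswith("/") or back.startswith("//"):
        return default
    return back


if __name__ == "__main__":
    # Constructed sample values; the .example host is a reserved test name.
    samples = [
        "/server-manager/cgi-bin/backup?page=2",
        "https://evil.example/collect",
        "//evil.example/collect",
        "/\\evil.example/collect",
        "javascript:alert(1)",
        "relative/path",
        "",
    ]
    for value in samples:
        print(repr(value), "->", safe_back_target(value))
```
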