SPIP Security alert + new version 2.0.9 (and 1.9.2 i )

SPIP Security alert + new version 2.0.9 (and 1.9.2 i )

http://www.spip-contrib.net/SPIP-Security-Alert-new-version

I’d suggest you to upgrade ASAP.

–
Etienne Brackers.
http://www.loiseau2nuit.net

| Ted Turner - « Sports is like a war without the killing. »

You don’t need to upgrade SPIP to block this attack :
just remove the write access to /config/ and any file inside…

.Gilles

On Thu, Aug 6, 2009 at 2:10 PM, L’oiseau2nuit <l.oiseau2nuit@gmail.com> wrote:

SPIP Security alert + new version 2.0.9 (and 1.9.2 i )

http://www.spip-contrib.net/SPIP-Security-Alert-new-version

I’d suggest you to upgrade ASAP.

–
Etienne Brackers.
http://www.loiseau2nuit.net

| Ted Turner - « Sports is like a war without the killing. »

---

spip-en@rezo.net - http://listes.rezo.net/mailman/listinfo/spip-en

You don't need to upgrade SPIP to block this attack :
just remove the write access to /config/ and any file inside..

Not really. This will block the specific attack we have witnessed, but
not the possible range of attacks through the same security hole.

-- Fil