Geeklog 1.6.1sr1 and 1.5.2sr6
- Sunday, May 09 2010 @ 02:15 pm EDT
- Contributed by: Dirk
You may remember the flurry of security issues that Bookoo of the Nine Situations Group reported for Geeklog in April last year. Well, it looks like we missed one issue in those reports: Geeklog's auto login feature is vulnerable to brute force / dictionary attacks. To fix this, we are releasing the following security updates:
- Geeklog 1.6.1sr1 (complete tarball or upgrade from 1.6.1)
- Geeklog 1.5.2sr6 (1.5.2 "Combo" update or upgrade from 1.5.2sr5)
Other versions: The issue is also fixed in Geeklog 1.7.0 (but present in the 1.7.0 beta and release candidate). The 1.5.2sr6 upgrade can also be used for Geeklog 1.6.0, 1.5.1, and 1.5.0. Earlier versions were not tested; we really recommend upgrading to a newer version (1.6.1sr1 or 1.7.0) instead.