Contributed by: Dirk
Sunday, May 09 2010 @ 02:15 pm EDT
You may remember the flurry of security issues that Bookoo of the Nine Situations Group reported for Geeklog in April last year. Well, it looks like we missed one issue in those reports: Geeklog's auto login feature is vulnerable to brute force / dictionary attacks. To fix this, we are releasing the following security updates:
Other versions: The issue is also fixed in Geeklog 1.7.0 (but present in the 1.7.0 beta and release candidate). The 1.5.2sr6 upgrade can also be used for Geeklog 1.6.0, 1.5.1, and 1.5.0. Earlier versions were not tested; we strongly recommend upgrading to a newer version (1.6.1sr1 or 1.7.0) instead.