+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: Security Advisories (/forum-7.html)
+--- Thread: Security vulnerability warning ispCP Omega 1.0.0 RC2 (/thread-438.html)
Security vulnerability warning ispCP Omega 1.0.0 RC2 - digibyte - 04-25-2007 09:01 AM
Raphael (atomo64) today posted a security vulnerability in our bug tracker. We implemented as soon as possible a fix to solve this vulnerability. As a result you can download the new release candidate RC2b.
For fixing only the critical security bug, there is a patch available on http://downloads.sourceforge.net/ispcp/ispcp-omega-1.0.0-rc2-security-patch.txt
With the next command you can install the patch:
Code:
patch -cl -d /var/www/ispcp < /path/to/ispcp-omega-1.0.0-rc2-security-patch.txtTo manually fix the security bug add the following line above in the file /var/www/ispcp/gui/include/sql.php immediately below the commented text (around line 20):
PHP Code:
$include_path = realpath(dirname(__FILE__));
We thank Raphael to reporting this security bug and we hope everyone using ispCP Omega will patch this bug. To stay informed about security bugs and new releases, subscribe to our announce mailinglist.