Security issue - upgrade action required for 2.28 and older versions

security

(Lars Øverland) #1

Hi all,

a potential serious security issue has been discovered with one of the libraries used by DHIS 2. The issue can potentially allow attackers to write or copy files to disk in arbitrary locations. The attacker needs to be logged in to DHIS 2 (authenticated) to do this.

The affected versions are DHIS 2.28 and older.

We have patched the following versions: 2.25, 2.26, 2.27, 2.28.

We recommend that you upgrade to the latest build of the mentioned releases if you are affected. We won’t disclose more info about this issue on the public mailing list.

best,

Lars

···

Lars Helge Øverland

Technical lead, DHIS 2

University of Oslo

lars@dhis2.org

https://www.dhis2.org


(Tuzo) #2

Noted with thanks

···

On Thu, Nov 15, 2018 at 3:06 PM Lars Helge Øverland lars@dhis2.org wrote:

Hi all,

a potential serious security issue has been discovered with one of the libraries used by DHIS 2. The issue can potentially allow attackers to write or copy files to disk in arbitrary locations. The attacker needs to be logged in to DHIS 2 (authenticated) to do this.

The affected versions are DHIS 2.28 and older.

We have patched the following versions: 2.25, 2.26, 2.27, 2.28.

We recommend that you upgrade to the latest build of the mentioned releases if you are affected. We won’t disclose more info about this issue on the public mailing list.

best,

Lars

Lars Helge Øverland

Technical lead, DHIS 2

University of Oslo

lars@dhis2.org

https://www.dhis2.org


Mailing list: https://launchpad.net/~dhis2-users

Post to : dhis2-users@lists.launchpad.net

Unsubscribe : https://launchpad.net/~dhis2-users

More help : https://help.launchpad.net/ListHelp