Security Release for issue3446


Posted: 2013-11-04 10:00:00

Synopsis

A vulnerability has been found in tryton that might allow a malicious server to send a crafted extension in answer to a report request, leading the client to write the report to any file on the client host with the rights of the user running the client (see issue3446).
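
As an added illustration (not code from Tryton or from the fix for issue3446), the following shows one way a client can treat a server-supplied report extension as untrusted input before it becomes part of a file name. The function names, the allowlist pattern and the sample values are assumptions made for this example.

```python
import os
import re
import tempfile

# Assumption: a legitimate report extension is a short alphanumeric token
# such as "odt" or "pdf"; separators, dots and control bytes never appear.
_SAFE_EXT = re.compile(r"[A-Za-z0-9]{1,10}")

# Constructed sample values that a hardened client should refuse.
CONSTRUCTED_BAD = ["../../target", "a/b", "a\\b", ".", "", "pdf\n", "pdf\x00", None]


def safe_extension(ext):
    """Return the lower-cased extension, or raise ValueError if it is not a plain token."""
    if not isinstance(ext, str) or not _SAFE_EXT.fullmatch(ext):
        raise ValueError("rejected report extension: %r" % (ext,))
    return ext.lower()


def save_report(data, ext, directory=None):
    """Write report bytes to a new file inside `directory` and return its path.

    The file name comes from mkstemp; the server only influences the
    validated suffix, never the directory or the base name.
    """
    suffix = "." + safe_extension(ext)
    base = os.path.realpath(directory or tempfile.gettempdir())
    fd, path = tempfile.mkstemp(suffix=suffix, prefix="report_", dir=base)
    try:
        # Defence in depth: the new file must sit directly inside `base`.
        if os.path.dirname(os.path.realpath(path)) != base:
            raise ValueError("report path escaped %s" % base)
        with os.fdopen(fd, "wb") as fh:
            fd = None  # the file object now owns the descriptor
            fh.write(data)
    except Exception:
        if fd is not None:
            os.close(fd)
        os.unlink(path)
        raise
    return path
```

Validation happens before any file is created, so a rejected extension leaves nothing behind on disk.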

Impact

Any file can be created on the client host with the access permissions of the user running the client.

Workaround

Users should connect only to trusted servers.

Resolution

All users should upgrade to the latest version of the series they use.

Concern?

Any security concerns should be reported on the bug-tracker at http://bugs.tryton.org/ with the type security.