1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Registration Email Allowed In Our Database :  Yahoo * Gmail * Hotmail * Outlook * yandex * live * are allowed to register in our database. [ We Will Approve Manually After Review It ]

News XenForo Media Gallery 1.0.10 Released (Security Fix)

Discussion in 'Announcements' started by XFILES, Aug 30, 2016.

Thread Status:
Not open for further replies.
  1. XFILES

    XFILES is a Verified MemberXFILESModerator
    Staff Member Moderator

    Joined:
    Nov 1, 2015
    Messages:
    4,455
    Likes Received:
    597
    Trophy Points:
    113
    In order to apply the security fix included in XenForo 1.4.13 or 1.5.10 to XenForo Media Gallery 1.0, XenForo Media Gallery 1.0.10 has been released.

    This fixes the server-side request forgery (SSRF) security issue. This could allow an attacker to use your server to bypass your server's firewall and make internal requests. Depending on the services found, this could lead to privilege escalation or remote code execution.

    This is a potentially serious issue and we strongly recommend all customers running XenForo Media Gallery 1.0 follow one of the below methods to fix this security issue. You must also follow the instructions in the XenForo 1.4.13 or 1.5.10 release announcements for this patch to be effective.

    Please note that XenForo Media Gallery 1.1.5 and newer will automatically be secured from this issue if you follow the instructions in the XenForo 1.5.10 release announcement.

    If you have any questions relating to installing this patch or upgrading to the new version, please post in the Media Gallery Support forum.

    Method 1: Upgrade to the New Version (Recommended)

    The security fix can be applied by downloading XenForo Media Gallery 1.0.10 from your customer area and upgradingXenForo Media Gallery as normal.

    You must also follow the instructions in theXenForo 1.4.13 or 1.5.10 release announcements to fully fix this issue.

    Method 2: Install the Patch

    Download the patch zip file attached to the end of this message. It contains 4 files:
    • library/XenGallery/Helper/String.php
    • library/XenGallery/Model/File.php
    • library/XenGallery/Thumbnail/Abstract.php
    • library/XenGallery/ViewPublic/Media/PreviewVideo.php
    These 4 files should be uploaded to your server, overwriting the existing files of the same names.

    You must also follow the instructions in theXenForo 1.4.13 or 1.5.10 release announcements to fully fix this issue.

    Note that with this method there is no outward indication that the patch has been applied. We recommend upgrading if possible.
     
    File Name

    xfmg_patch_1010.zip

    Filesize 9.7 KB
    Viewed 1
    Loading...
Thread Status:
Not open for further replies.

Share This Page