Forum OpenACS Q&A: Re: Fixing charset issues when upgrading AOLserver 3.0+ad5

Thanks Jade.  Are there any security issues with 3.3+ad13?  The
motivation for this upgrade is a security review that highlighted
several vulnerabilities in our current version.  Most were fixed
after 3.2, so upgrading to 3.3+ad13 is definitely a good idea,
but there is still this one: http://www.securityfocus.com/bid/4535
which seems to be utstanding for all versions.  Anyone know if
there is a patch?

Thanks again, this has been driving me nuts.

Jeremy

Collapse
6: AOLserver security (response to 3)
Posted by Andrew Piskorski on
Jeremy, the security issue you mention above has been discussed here many times, including in April 2002, Nov. 2002, and June 2003.

It's a small bug in the the external database driver interface, which AFAIK no one using OpenACS ever uses at all. The Oracle and PostgreSQL database drivers are "internal" drivers and are not effected. In the unlikely event that you are using an "external" database driver of some sort with AOLserver, then you might want to patch that bug.

To the best of my knowledge there are no known security problems with AOLserver 3.3+ad13, at least not as used by OpenACS.

Collapse
7: Re: AOLserver security (response to 6)
Posted by Jeremy Henty on
Thanks Andrew, that is really helpful!

Regards,

Jeremy Henty