===================================================================== CERT-Renater Note d'Information No. 2006/VULN128 _____________________________________________________________________ DATE : 03/04/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Claroline 1.7.*, 1.6.* and 1.5.*. ====================================================================== Claroline Security Alert This is not an April fool : a serious security hole has just been been detected in Claroline 1.7.*, 1.6.* and 1.5.* (previous Claroline versions are not affected by these flaws). We seriously advise all people using Claroline 1.7 to patch their platform as soon as possible. Download the patches at these addresses : * Claroline 1.7 : http://www.claroline.net/dlarea/claroline.patch17401.zip * Claroline 1.6 : http://www.claroline.net/dlarea/claroline.patch16301.zip * Claroline 1.5 : http://www.claroline.net/dlarea/claroline.patch15401.zip How to apply the patch * Uncompress the zip archive file 'claroline.patch1**01.zip'. * Copy the 'claroline' directory found inside that archive on the 'claroline' directory already available on your web server. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================