Difference between revisions of "Security Alert Fixes"

Revision as of 19:51, 13 July 2013

Place to record and track OpenEMR security alerts and their fixes (in chronological order from earlier to later):

The first two items likely still exist. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The last 2 items will are fixed in most recent 4.1.1 patch and dev version.

The first item is same as the arbitrary file upload vulnerability item reported above and has been fixed in most recent 4.1.1 patch and dev version.
The second item likely still exists. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The third item is fixed in most recent 4.1.1 patch and dev version.
The fourth item likely still exists. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The fifth item is fixed in most recent 4.1.1 patch and dev version.
The sixth item is fixed in most recent 4.1.1 patch and dev version.
The seventh item is fixed in most recent 4.1.1 patch and dev version.
The eighth item is fixed in most recent 4.1.1 patch and dev version.

TODO:

Systematically go through the http://osvdb.org/ site to ensure all vulnerabilities have been addressed.

@@ Line 30: / Line 30: @@
 :*[http://osvdb.org/show/osvdb/90549 XSS Vulnerability]
 ::*Fixed in most recent 4.1.1 patch and dev version
+:*[http://www.trustwave.com/spiderlabs/advisories/TWSL2013-018.txt Multiple Vulnerabilities in OpenEMR]
+::*All the items have been fixed in most recent 4.1.1 patch and dev version.
 <br>
 <br>