[IPT] Security update
Daniel Amariles
daniel.amariles88 at gmail.com
Wed Sep 25 18:58:18 CEST 2013
Dear Kyle
Thank you so much for notifying.
All our IPTs instances were successfully updated.
http://ipt.sibcolombia.net/sib/
http://ipt.sibcolombia.net/valle/
http://ipt.sibcolombia.net/sinchi/
http://ipt.sibcolombia.net/iiap/
http://ipt.sibcolombia.net/iavh/
http://ipt.sibcolombia.net/resnatur/
http://ipt.sibcolombia.net/rnjb/
http://ipt.sibcolombia.net/rnoa/
http://ipt.sibcolombia.net/repatriados/
All the best
Daniel Amariles
http://flavors.me/Danipilze
2013/9/23 Kyle Braak [GBIF] <kbraak at gbif.org>
> Dear IPT users,
>
> This is an important message.
>
> IPT administrators should update their IPTs to the new version which has a
> security update and was released yesterday:
> https://code.google.com/p/gbif-providertoolkit/
>
> The security update fixes critical vulnerabilities that have been
> discovered in the Apache Struts web framework, which the IPT uses.
>
> According to this article<http://www.computerworld.com/s/article/9241639/Hackers_target_servers_running_Apache_Struts_apps?source=CTWNLE_nlt_security_2013-08-15>,
> these Struts vulnerabilities allow hackers to break into a server. It goes
> on to say that hackers are actively exploiting these vulnerabilities.
>
> Simple instructions on how to update your IPT are below. If you don't have
> time to update your IPT immediately, I would advise you to take it offline
> until you can.
>
> You can refer to this article<https://www.mandiant.com/blog/responding-attacks-apache-struts2/>, which
> describes how to determine if you have been attacked.
>
> Please email the IPT list directly for more help upgrading your
> installation.
>
> Sincerely,
>
> Kyle, on behalf of the IPT development team and the GBIF Secretariat
>
> Instructions how to update IPT in Tomcat:
>
> 1. Please download:
> https://gbif-providertoolkit.googlecode.com/files/ipt-2.0.5-security-update-1.war
> 2. Backup IPT data directory somewhere safe
> 3. Remove ipt.war from $tomcat/webapps/ (some seconds later, the
> deployed /ipt folder should automatically delete)
> 4. Once ipt.war and /ipt have been removed from /webapps - stop Tomcat
> 5. Add new version to /webapps renaming it from
> ipt-2.0.5-security-update-1.war to ipt.war
> 6. Start Tomcat
> 7. In a browser open the application (if it doesn't appear at first,
> try restarting Tomcat once more).
> 8. When prompted for IPT data directory, enter same location as
> existing IPT data directory
> 9. Press continue, hopefully installation succeeds.
>
>
>
> _______________________________________________
> IPT mailing list
> IPT at lists.gbif.org
> http://lists.gbif.org/mailman/listinfo/ipt
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.gbif.org/pipermail/ipt/attachments/20130925/c09cb65f/attachment.html
More information about the IPT
mailing list