[IPT] Security update

[Daniel Amariles]

Dear Kyle

Thank you so much for notifying.

All our IPTs instances were successfully updated.

http://ipt.sibcolombia.net/sib/
http://ipt.sibcolombia.net/valle/
http://ipt.sibcolombia.net/sinchi/
http://ipt.sibcolombia.net/iiap/
http://ipt.sibcolombia.net/iavh/
http://ipt.sibcolombia.net/resnatur/
http://ipt.sibcolombia.net/rnjb/
http://ipt.sibcolombia.net/rnoa/
http://ipt.sibcolombia.net/repatriados/

All the best

Daniel Amariles
http://flavors.me/Danipilze


2013/9/23 Kyle Braak [GBIF] <kbraak at gbif.org>

> Dear IPT users,
>
> This is an important message.
>
> IPT administrators should update their IPTs to the new version which has a
> security update and was released yesterday:
> https://code.google.com/p/gbif-providertoolkit/
>
> The security update fixes critical vulnerabilities that have been
> discovered in the Apache Struts web framework, which the IPT uses.
>
> According to this article<http://www.computerworld.com/s/article/9241639/Hackers_target_servers_running_Apache_Struts_apps?source=CTWNLE_nlt_security_2013-08-15>,
> these Struts vulnerabilities allow hackers to break into a server. It goes
> on to say that hackers are actively exploiting these vulnerabilities.
>
> Simple instructions on how to update your IPT are below. If you don't have
> time to update your IPT immediately, I would advise you to take it offline
> until you can.
>
> You can refer to this article<https://www.mandiant.com/blog/responding-attacks-apache-struts2/>, which
> describes how to determine if you have been attacked.
>
> Please email the IPT list directly for more help upgrading your
> installation.
>
> Sincerely,
>
> Kyle, on behalf of the IPT development team and the GBIF Secretariat
>
> Instructions how to update IPT in Tomcat:
>
>    1. Please download:
>    https://gbif-providertoolkit.googlecode.com/files/ipt-2.0.5-security-update-1.war
>    2. Backup IPT data directory somewhere safe
>    3. Remove ipt.war from $tomcat/webapps/ (some seconds later, the
>    deployed /ipt folder should automatically delete)
>    4. Once ipt.war and /ipt have been removed from /webapps - stop Tomcat
>    5. Add new version to /webapps renaming it from
>    ipt-2.0.5-security-update-1.war to ipt.war
>    6. Start Tomcat
>    7. In a browser open the application (if it doesn't appear at first,
>    try restarting Tomcat once more).
>    8. When prompted for IPT data directory, enter same location as
>    existing IPT data directory
>    9. Press continue, hopefully installation succeeds.
>
>
>
> _______________________________________________
> IPT mailing list
> IPT at lists.gbif.org
> http://lists.gbif.org/mailman/listinfo/ipt
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.gbif.org/pipermail/ipt/attachments/20130925/c09cb65f/attachment.html