Urgency on Security Fixes for Bug 80338 and Bug 84547

Urgency on Security Fixes for Bug 80338 and Bug 84547

Submitted by admin on Tue, 02/11/2014 - 11:20

Last updated on Tue, 02/11/2014 - 11:46

Bug 80338 (Feb 2013) is a Local File Inclusion vulnerability that leads to potential Privilege Escalation:

Bug 80338: Privilege Escalation via LFI
CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091&cid=3

Bug 84547 is a newer Critical Security Vulnerability (Dec 2013) that has not had further details released (in order to protect other customers):

Bug 84547: Critical Security Vulnerability
CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7217

There is great urgency for getting this patched on your platform, as there is an exploit for Bug 80338 in the wild, discussed here:


And it has been used to install upload and bitcoin mining Zimlets (and potentially others) on some customer systems. You can read about the clean-up steps for this here:


As noted, there are patches and upgrades available here:


Please let us know if further questions. Sorry for the difficulties on this.

Login to post a comment
Supported By Jabetto