[Koha] Koha security release -- July 2013

Larry Baerveldt larry at bywatersolutions.com
Wed Jul 31 03:19:40 NZST 2013


If the modules are optional, then you don't have to install them for Koha
to function. However, if you do want to install them, most can be installed
at the command line using apt-get. The package name will be based on the
module name, and will start with "lib" and end with "-perl". So, if you
need String::Random, you can install it with "sudo apt-get install
libstring-random-perl".

Some modules cannot be found in apt, however, and those will need to be
installed using CPAN. You can start CPAN and run it interactively with
"sudo cpan", or you can run cpan and install the module in one command with
"sudo cpan Module::Name", e.g. "sudo cpan String::RewritePrefix". More
information on CPAN can be found here:
http://www.cpan.org/modules/INSTALL.html.

Regards,
Larry



On Mon, Jul 29, 2013 at 9:51 PM, Vinod Kumar Mishra <
vinod_librarian at rediffmail.com> wrote:

> Dear All,
>
> I have just upgraded from 3.10.7 to 3.10.9 (Ubuntu package installation)
> with the upgrade command.
>
> Under About Koha - Perl modules, several optional Perl modules are missing,
> along with String::Random (required module) and Archive::Extract (module
> upgrade needed).
>
> Please let me know what to do, or does it affect the proper working of Koha
> anyway?
>
> On Tue, 30 Jul 2013 04:18:36 +0530  wrote
> >[Apologies for multi-posting]
>
> The Koha community is releasing a security update for all supported and
> recent unsupported versions of Koha. The security update is available for
> the following new releases:
>
> 3.12.3
> 3.10.9
> 3.8.16
> 3.6.12
>
> Patches are also available for 3.2.x and 3.4.x.
>
> The security update fixes a situation where manipulation of the cookie used
> for retaining OPAC search history for anonymous sessions could
> theoretically result in the execution of arbitrary code on a Koha
> webserver.
>
> We are aware of no active exploits at this time. The security issue can be
> mitigated by turning off the EnableOpacSearchHistory system preference.
>
> We recommend that all Koha users upgrade as soon as possible. If you cannot
> upgrade immediately, we strongly encourage you to turn off the
> EnableOpacSearchHistory system preference until such time as you can
> upgrade.
>
> Users of the Debian packages for 3.10.x and 3.12.x can get the latest
> release by running apt-get update followed by apt-get upgrade. Because a
> new dependency was added recently, it may be necessary to run apt-get
> dist-upgrade instead or to run apt-get install koha-common.
>
> For users of the Debian packages for 3.8.x and 3.6.x, since the Koha APT
> repository no longer contains those versions, .deb files are available for
> download and installation using dpkg -i:
>
> .deb for 3.8.16:
> http://download.koha-community.org/koha-common_3.08.16.1-1_all.deb
> .deb for 3.6.12:
> http://download.koha-community.org/koha-common_3.06.12.1-1_all.deb
>
> Tarballs are also available:
>
> 3.12.3: http://download.koha-community.org/koha-3.12.03.tar.gz
> 3.10.9: http://download.koha-community.org/koha-3.10.09.tar.gz
> 3.8.16: http://download.koha-community.org/koha-3.08.16.tar.gz
> 3.6.12: http://download.koha-community.org/old_releases/koha-3.06.12.tar.gz
>
> The patches for 3.4.x and 3.2.x can be found as the top three commits in
> the 3.4.x and 3.2.x branches in Koha’s Git repository.
>
> As a general note, if you are not running a version of Koha that has a
> release maintainer (current 3.8.x, 3.10.x, and 3.12.x), we strongly urge
> you to upgrade to a supported version.
>
> Regards,
>
> Galen
> --
> Galen Charlton
> Manager of Implementation
> Equinox Software, Inc. / The Open Source Experts
> email: gmc at esilibrary.com
> direct: +1 770-709-5581
> cell:  +1 404-984-4366
> skype: gmcharlt
> web:  http://www.esilibrary.com/
> Supporting Koha and Evergreen: http://koha-community.org &
> http://evergreen-ils.org
> _______________________________________________
> Koha mailing list http://koha-community.org
> Koha at lists.katipo.co.nz
> http://lists.katipo.co.nz/mailman/listinfo/koha
>
> With regards,
> Vinod Kumar Mishra,
> Assistant Librarian,
> Biju Patnaik Central Library,
> NIT Rourkela,
> Mob:91+9439420860
>     91+6612462103 (O)
> email: vinod_librarian at rediffmail.com
>      : mishravk79 at gmail.com



-- 
*Larry Baerveldt*
Systems Administrator
ByWater Solutions
Support and Consulting for Open Source Software
Headquarters: Santa Barbara, CA
Office: Indianapolis, IN
Phone/Fax (888)900-8944
http://bywatersolutions.com
larry at bywatersolutions.com
What is Koha? <http://bywatersolutions.com/what-is-koha/>
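
The package-naming rule and the apt-then-CPAN fallback from the reply above, as an added shell example that is not part of the original thread. The function names are hypothetical, and the script only prints the command it would suggest; it installs nothing.

```shell
#!/bin/sh
# Added example (not from the original thread); function names are hypothetical.

# Allow-list check: only letters, digits, "_" and "::" separators, so nothing
# else ever reaches a command line that will later be run with sudo.
is_module_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_:]*|:*|*:|*:::*) return 1 ;;
    esac
    # Any colon left after removing every "::" pair is a stray single colon.
    case "$(printf '%s' "$1" | sed 's/:://g')" in
        *:*) return 1 ;;
    esac
    return 0
}

# Naming rule from the reply: "lib" + lower-cased module name with "::"
# turned into "-" + "-perl", e.g. String::Random -> libstring-random-perl.
deb_pkg_for_module() {
    printf 'lib%s-perl\n' "$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/::/-/g')"
}

# Print the suggested command for one module. Only loadability is tested,
# not the installed version, so "upgrade needed" modules are not detected.
install_command() {
    mod=$1
    if ! is_module_name "$mod"; then
        echo "invalid module name: $mod" >&2
        return 2
    fi
    if command -v perl >/dev/null 2>&1 && perl -M"$mod" -e 1 >/dev/null 2>&1; then
        echo "# $mod is already installed"
        return 0
    fi
    pkg=$(deb_pkg_for_module "$mod")
    # The rule is a convention, so confirm the package really exists in apt.
    if command -v apt-cache >/dev/null 2>&1 && apt-cache show "$pkg" >/dev/null 2>&1; then
        echo "sudo apt-get install $pkg"
    else
        echo "sudo cpan $mod"
    fi
}

# Modules named in this thread.
for m in String::Random Archive::Extract String::RewritePrefix; do
    install_command "$m"
done
```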

