Forums | Mahara Community

Security Announcements /
Denial of Service in Mahara 1.4.0 and 1.3.6


This topic is closed. Only moderators and the group administrators can post new replies.
François Marier's profile picture
Posts: 411

03 November 2011, 17:42

Category: Denial of Service
Severity: Medium
Versions affected: < 1.3.7, < 1.4.1
Reported by: Mahara Team
Identifier: CVE-2011-2772
Bug report: 784978

Uploading large images can cause the GD PHP extension to use up all available memory and essentially take a server down if other out-of-memory mechanisms don't kick in to kill the process.

Unless your server already imposes hard limits on the memory usage of web server processes, we recommend that you upgrade your site as soon as possible.

1 result