EPrints 3.3.16 February 2021 security patch

Newman, David R (2021) EPrints 3.3.16 February 2021 security patch.

[img] Patch file for security vulnerabilities - Other
Available under License Creative Commons GNU LGPL (Software).


Official URL: http://wiki.eprits.org/

Item Type: Patch
EPrints Version: EPrints 3 > EPrints 3.3
License: GPL
Date: 23 February 2021
Creators Name: Newman, David R
Department: School of Electronics and Computer Science
Institution: University of Southampton
Date Deposited: 23 Feb 2021 10:56
Last Modified: 23 Feb 2021 23:27


A number of security vulnerabilities have been identified with EPrints 3.3.16 codebase and will have been present in earlier versions of EPrints 3.3. These vulnerabilities have been patched in EPrints 3.3 GitHub (https://github.com/eprints/eprints) but this provides a patch file to fix these vulnerabilities in 3.3.16. The scripts affected are: - /cgi/ajax/phrase : CVE-2021-26703 - /cgi/latex2png : CVE-2021-3342 - /cgi/toolbox/toolbox : CVE-2021-26704


EPrints 3.3.16 already installed. May work on earlier versions of EPrints 3.3.


Run the following command as the eprints user. Assuming this patch file is in eprints' home directory and replacing EPRINTS_PATH for EPrints' root directory: patch -p1 -ruN -d EPRINTS_PATH < ~/eprints-3_3_16-vulns.patch


University of Southampton

Repository Staff Only: edit this item