Difference between revisions of "Critical Security Fix for CVE-2017-16540"

From OpenEMR Project Wiki
Line 2: Line 2:


:In order to protect yourself from this vulnerability:
:In order to protect yourself from this vulnerability:
:*If using OpenEMR 5.0.0:
::*If using OpenEMR 5.0.0:
::#Update to the most recent patch and follow the instructions here: http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
:::#Update to the most recent patch and follow the instructions here: http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
::#To be extra safe, then remove the setup.php file from the openemr web directory (if you need this file in the future, then can download it at [https://raw.githubusercontent.com/openemr/openemr/rel-500/setup.php setup.php]).
:::#To be extra safe, then remove the setup.php file from the openemr web directory (if you need this file in the future, then can download it at [https://raw.githubusercontent.com/openemr/openemr/rel-500/setup.php setup.php]).
:*If using OpenEMR 4.2.2 or lower:
::*If using OpenEMR 4.2.2 or lower:
::#Remove the setup.php file from the openemr web directory.
:::#Remove the setup.php file from the openemr web directory.

Revision as of 19:54, 5 November 2017

There is a critical security vulnerability in OpenEMR before 5.0.0 Patch 5 . More details can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-16540
In order to protect yourself from this vulnerability:
  • If using OpenEMR 5.0.0:
  1. Update to the most recent patch and follow the instructions here: http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
  2. To be extra safe, then remove the setup.php file from the openemr web directory (if you need this file in the future, then can download it at setup.php).
  • If using OpenEMR 4.2.2 or lower:
  1. Remove the setup.php file from the openemr web directory.