منتدى استراحات زايد

منتدى استراحات زايد (http://vb.ma7room.com/index.php)
-   منتدى أخبار المواقع والمنتديات العربية والأجنبية (http://vb.ma7room.com/forumdisplay.php?f=183)
-   -   vBulletin 4 Security Patch for Potential Yahoo! User Interface Library Exploit - 11/01/2012 (http://vb.ma7room.com/showthread.php?t=1051794)

محروم.كوم 11-01-2012 11:40 PM
vBulletin 4 Security Patch for Potential Yahoo! User Interface Library Exploit - 11/01/2012
 
A recent Yahoo! report indicated a potential SWF exploit vector involving the Yahoo! User Interface Library (YUI). Upon review, the vBulletin team has determined that the vBulletin 4 Asset Manager is affected. Once the issue was identified, updated YUI files were requested from Yahoo! to eliminate the reported threat.

This issue affects ALL vBulletin 4 SUITE and FORUM versions. vBulletin 3 and vBulletin 5 are not affected.

Security patches have been released for vBulletin 4.1.12 and vBulletin 4.2.

vBulletin 4 Customers Running 4.1.12 or 4.2:
Please install the patch immediately.
  1. Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com/patches.php.
  2. Extract the vBulletin patch files from the zip file.
  3. Upload the patch files to your server, overwriting the old files.
The upgrade.php script does not need to be run.

vBulletin 4 Customers Not Running 4.1.12 or 4.2:
Please upgrade to vBulletin 4.1.12 PL3 or vBulletin 4.2 PL3. If you do not wish to upgrade at this time, the potential exploit can be addressed by updating Server Settings and Optimization Options using the following steps:
  • Log into your Admin CP.
  • Expand the "Settings" menu in the leftnav.
  • Click on the "Options" link.
  • Select "Server Settings and Optimization Options" from the list and click the "Edit Settings" button.
  • Make sure "Yahoo!" is selected in the "Use Remote YUI" section.
  • Scroll to the bottom of the screen and click the "Save" button.
This change will set your forum to use the latest YUI file hosted by Yahoo!. The potential exploit vector will be closed once you've performed this change. It is strongly recommended that you do so immediately.

As with all security-based releases, we recommend that all affected customers upgrade as soon as possible.

Advanced Users:
Files updated in vBulletin 4.1.12 PL3 and 4.2 PL3.
  • clienstcript/yui/uploader/assets/uploader.swf
  • includes/version_vbulletin.php
Please note that this list does not contain the files changed in any previous patches for these versions. Only the files changed in vBulletin 4.1.12 PL3 and 4.2 PL3 are listed.

Yahoo!'s announcement regarding the potential YUI exploit can be found - HERE

Licensed customers can discuss the security patch - HERE

Instructions on how to patch your vBulletin 4.1.12 or 4.2 site can be found - HERE


الساعة الآن 04:03 AM

Powered by vBulletin® Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.5.2 TranZ By Almuhajir


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227