Not logged in. · Lost password · Register
Forum: News and announcements RSS
Security update available (Important)
Reply
Avatar
Reply · Quote Yves (Administrator) 2009-06-06, 00:27 #1
User title: UNB developer & webmaster
Member since Jan 2004 · 3740 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Subject: Security update available
Just to let you know: A few days ago, somebody has published a few security bugs in latest UNB that I have now fixed in the last hour. A new development version of UNB is now available for download. It is highly recommended to update to the new version.

See the list of fixed bugs in the change log.
Go to the download page.


Nur, um euch Bescheid zu geben: Vor ein paar Tagen hat jemand ein paar Sicherheitslücken im neuesten UNB veröffentlicht, die ich in der letzten Stunde nun behoben habe. Eine neue Development-Version steht zum Download bereit. Es ist sehr empfehlenswert, auf diese zu aktualisieren.

(Links siehe oben, sind eh alle auf englisch.)
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Avatar
Reply · Quote NFG 2009-06-06, 11:42 #2
Member since Sep 2006 · 105 posts
Group memberships: Members
Show profile · Link to this post
Yves, thanks for quickly responding to this issue.

Is it possible to get a list of affected files?  I'm trying to update several forums, looking for files by date, then merging changes you've made with the ones I've made, line by line.  It's kind of a pain in the ass, and it might save a lot of time to know which files are updated, if not the specifics in the files.
Avatar
Reply · Quote Yves (Administrator) 2009-06-06, 22:30 #3
User title: UNB developer & webmaster
Member since Jan 2004 · 3740 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Sure. This is the summary of file differences from the last two devel archives 20090402 and 20090606.

extra/import/readme.txt   (file added)
unb_lib/common.lib.php   (2 lines added)
unb_lib/database.lib.php   (1 line removed)
unb_lib/rss.inc.php   (1 line added)
unb_lib/ute-runtime.conf.php   (2 comment lines added, 1 line altered)
unb_lib/version.def.php   (2 lines altered)
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Reply · Quote jense 2009-06-10, 21:28 #4
Member since Nov 2006 · 327 posts · Location: Dortmund
Group memberships: Members
Show profile · Link to this post
Hm, ok.  The only relevant one (in PHP5 times) is the SQL injection bug, isn't it?  Is the exploit as capable as it looks like?
Alala, Alala, Gimme three wishes - CSS
Avatar
Reply · Quote Yves (Administrator) 2009-06-25, 20:59 #5
User title: UNB developer & webmaster
Member since Jan 2004 · 3740 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
I haven't tested it practically. But I believe that it may work.
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please note the verification code from the picture into the text field next to it.
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Reply

Go to forum
This board is powered by the Unclassified NewsBoard software, 20100516-dev, © 2003-10 by Yves Goergen
Page created in 188 ms (140 ms) · 62 database queries in 128 ms
Current time: 2010-07-30, 10:57:11 (UTC +02:00)