форум vBSupport.ru > vBSupport.ru > News
  • »
VBsupport перешел с домена .ORG на родной .RU Ура! Пожалуйста, обновите свои закладки - VBsupport.ru
 
 
 
 
ikopylov
Гуру
vBSNews
 
ikopylov's Avatar
Default Доступность новой версии vBulletin: 4.2.0 Patch Level 3
8

В связи с дыркой в в Yahoo! User Interface Library (YUI) Выпущено обновление PL3


Quote:
vBulletin 4 Security Patch for Potential Yahoo! User Interface Library Exploit - 11/01/2012

A recent Yahoo! report indicated a potential SWF exploit vector involving the Yahoo! User Interface Library (YUI). Upon review, the vBulletin team has determined that the vBulletin 4 Asset Manager is affected. Once the issue was identified, updated YUI files were requested from Yahoo! to eliminate the reported threat.

This issue affects ALL vBulletin 4 SUITE and FORUM versions. vBulletin 3 and vBulletin 5 are not affected.

Security patches have been released for vBulletin 4.1.12 and vBulletin 4.2.

vBulletin 4 Customers Running 4.1.12 or 4.2:
Please install the patch immediately.

Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com/patches.php.
Extract the vBulletin patch files from the zip file.
Upload the patch files to your server, overwriting the old files.


The upgrade.php script does not need to be run.

vBulletin 4 Customers Not Running 4.1.12 or 4.2:
Please upgrade to vBulletin 4.1.12 PL3 or vBulletin 4.2 PL3. If you do not wish to upgrade at this time, the potential exploit can be addressed by updating Server Settings and Optimization Options using the following steps:

Log into your Admin CP.
Expand the "Settings" menu in the leftnav.
Click on the "Options" link.
Select "Server Settings and Optimization Options" from the list and click the "Edit Settings" button.
Make sure "Yahoo!" is selected in the "Use Remote YUI" section.
Scroll to the bottom of the screen and click the "Save" button.


This change will set your forum to use the latest YUI file hosted by Yahoo!. The potential exploit vector will be closed once you've performed this change. It is strongly recommended that you do so immediately.

As with all security-based releases, we recommend that all affected customers upgrade as soon as possible.

Advanced Users:
Files updated in vBulletin 4.1.12 PL3 and 4.2 PL3.

clienstcript/yui/uploader/assets/uploader.swf
includes/version_vbulletin.php



Please note that this list does not contain the files changed in any previous patches for these versions. Only the files changed in vBulletin 4.1.12 PL3 and 4.2 PL3 are listed.

Yahoo!'s announcement regarding the potential YUI exploit can be found - HERE

Licensed customers can discuss the security patch - HERE

Instructions on how to patch your vBulletin 4.1.12 or 4.2 site can be found - HERE

Last edited by ikopylov : 11-14-2012 at 10:09 AM.
Bot
Yandex Bot Yandex Bot is online now
 
Join Date: 05.05.2005
Реклама на форуме А что у нас тут интересного? =)
 
 
ikopylov
Гуру
vBSNews
 
ikopylov's Avatar
Default
4

Обновите с 4.2 PL2 до 4.2 PL3
uploader.rar

Для других версий я не знаю будет работать или нет
 
 
Lukamal
Простоузер
Default
0

Правильно ли я понимаю.
Нужно в папку clienstcript/yui/uploader/assets залить uploader.swf из архива, а затем перейти http://форум/clienstcript/yui/upload...s/uploader.swf
 
 
ikopylov
Гуру
vBSNews
 
ikopylov's Avatar
Default
1

Quote:
Originally Posted by Lukamal View Post
Правильно ли я понимаю.
Нужно в папку clienstcript/yui/uploader/assets залить uploader.swf из архива,
Да правильно
 
 
Arnowt
Продвинутый
Default
0

Quote:
Обновите с 4.2 PL2 до 4.2 PL3
uploader.rar
А NULL кто выложит PL3?
Потому как в админке всеравно пишет PL2
 
 
ChiefMate
Знаток
Default
0

Открой файл includes/version_vbulletin.php, врчную исправь 4.2.0 Patch Level 8
 
 
StenLi
На доске почёта
Пожизненный блэк
 
banned nax
Default
0

Arnowt, Нуль есть в файловом архиве форума.
 
 
Arnowt
Продвинутый
Default
0

В архиве PL2 или я чего-то не вижу...
А точно только на 1 файл отличается?
 
 
xeon
Простоузер
Default
0

я извиняюсь. вчера поставил и настроил vBulletin 4.1.2
но почитав ваш форум понял, что лучше 4.2.0

Как мне обновиться на эту версию???
 
 
хрюк
Гость
Default

xeon, как обычно. Думаете вы первый кто задаёт вопрос "как обновить форум?"?!
 

Tags
pl3? патч, обновление


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off




All times are GMT +4. The time now is 02:26 PM.


Powered by vBulletin® Version VipeR Edition
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Loading...