1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

Security again: phpBB 2.0.13 released

Discussion in 'Plesk for Linux - 8.x and Older' started by lvalics, Feb 27, 2005.

  1. lvalics

    lvalics Silver Pleskian Plesk Guru

    36
    43%
    Joined:
    Jun 20, 2003
    Messages:
    962
    Likes Received:
    31
    Location:
    Romania
    Hi everyone,
    phpBB Group announces the release of phpBB 2.0.13. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version in such a short period of time.
    Fortunately both fixes are easy and in each case just one line needs to be edited.
    The first issue is critical and we urge you to fix it on your forums as soon as possible:
    Open includes/sessions.php
    Find:
    if( $sessiondata['autologinid'] == $auto_login_key )
    Replace with:
    if( $sessiondata['autologinid'] === $auto_login_key )
    The second minor issue, reported to bugtraq several days ago, was the path disclosure bug in viewtopic.php. For further information on how to manually fix this bug please see our announcements forum at www.phpbb.com:
    http://www.phpbb.com/phpBB/viewtopic.php?t=267563
    As with all new releases we urge you to upgrade as soon as possible.
    You can of course find this download available on our website at:
    http://www.phpbb.com/downloads.php
    As per usual three packages are available to simplify your upgrade.
     
  2. kabarty

    kabarty Guest

    0
     
    Is there an easy way to update all the customers who've got phpBB installed? This is becoming a full time job trying to keep my customers boards up to date!

    Also, is there a new plesk package for the app-vault to bring phpBB up to 2.0.13? At the moment I've disabled my customers from installing new phpBB's because I just can't afford for them to get hacked as they'll install 2.0.11 if they go from app vault.

    Steve.
     
  3. luksa

    luksa Guest

    0
     
Loading...