Current time: 04-23-2014, 08:14 PM Hello There, Guest! (LoginRegister)


MyBB 1.4.3 Released - Security Update
10-28-2008, 01:54 AM (This post was last modified: 11-15-2008 05:34 PM by Ryan Gordon.)
Post: #1
Exclamation MyBB 1.4.3 Released - Security Update
MyBB 1.4.3 is a security update to the MyBB 1.4 series. It fixes 2 medium risk and 2 low risk security vulnerabilities. We recommend everybody upgrades to this release immediately or patch their boards with the manual patching instructions below.

These vulnerabilities affect MyBB 1.4.2. Older versions of MyBB may also be affected. Please see the post below for upgrade instructions for 1.2.14.

MyBB 1.4.2 to MyBB 1.4.3 Patch
This patch is only for users running MyBB 1.4.2. If you are running an older version of MyBB then please download MyBB 1.4.3 from the MyBB site and update to it.

Please download the attached ZIP archive and replace the files in your forum directory with those from the ZIP archive.


.zip  changed_files_1403.zip (Size: 84.39 KB / Downloads: 1592)

If you wish to manually patch your board please download "mybb_1402_patches.txt" and follow the instructions in that file.


.txt  mybb_1402_patches.txt (Size: 2.8 KB / Downloads: 951)

Reporting MyBB security vulnerabilities
If you think you've found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we've had time to prepare and release a patch.

As always, you can send through security related messages on the MyBB website from the Contact Us page.

Note: The changed file package also contains the bug fix to #37824.
Visit this user's website Find all posts by this user
10-28-2008, 01:55 AM (This post was last modified: 10-29-2008 09:47 PM by Ryan Gordon.)
Post: #2
RE: MyBB 1.4.3 Released - Maintenance and Security Update
MyBB 1.2.14 Patch
This patch is only for users running MyBB 1.2.14 or any previous release of the MyBB 1.2 series.

Please download "mybb_1214_patches.txt" attached to this post and follow the manual patching instructions.

Please note all users of the 1.2.x series are urged to upgrade to the latest release of MyBB. (1.4.3)


.txt  mybb_1214_patches.txt (Size: 1.24 KB / Downloads: 879)
Visit this user's website Find all posts by this user
10-28-2008, 01:59 AM
Post: #3
RE: MyBB 1.4.3 Released - Security Update
Discuss this announcement
Visit this user's website Find all posts by this user
10-29-2008, 02:53 AM (This post was last modified: 11-15-2008 05:26 PM by Ryan Gordon.)
Post: #4
RE: MyBB 1.4.3 Released - Security Update
Hi,

Unfortunately do to an unforeseen oversight, a change needs to be made to a security fix to those of you who applied the patch before this post (October 29th, 2008).

ONLY If you applied or downloaded the MyBB 1.4.3 Package before October 29th, 2008.

Quote:In inc/functions.php find:
PHP Code:
echo "alert('".str_replace("'""\'"$message)."');\n"

and replace with

PHP Code:
echo 'alert("'.addslashes($message).'");'

ALSO FIND:
PHP Code:
echo "window.location = '".str_replace("'""\'"$url)."';\n"

and replace with

PHP Code:
echo 'window.location = "'.addslashes($url).'";'."\n"

As of the time of this post the changed file package, manual file changes, and the MyBB download have been updated. We apologize for any inconvenience this may have caused you.

MyBB Group
Visit this user's website Find all posts by this user


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | MyBB | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication