edvan Posted December 23, 2013

Everyone, a new security update was announced a short while ago: http://blog.whmcs.com/?t=83303

Fernando Rafs Posted December 23, 2013

WHMCS Security Advisory TSR-2013-010

WHMCS has released a new update for all supported versions of WHMCS. This update contains a change that addresses a specific security concern within the WHMCS product. We strongly encourage you to update your WHMCS installations as soon as possible.

WHMCS has rated this update as having an important security impact. Information on security ratings can be found at http://docs.whmcs.com/Security_Levels

Releases

Please update your installation to the following version: v5.2.15

Patches - What is a Patch?

Incremental patches can be downloaded by following the provided links below. These patch sets contain only the files that have changed between the previous release and this update. The previous release version that these patch sets are designed for is clearly indicated as the first and smaller number. Do not attempt to apply an incremental patch set to an installation that is running a different version than the indicated version. Doing so will result in a "Down for Maintenance" message and require you to use the full release to complete the upgrade.

Incremental patches do not require any update process. Simply apply the changed files to the existing WHMCS installation.

The following incremental patches are available for direct download:

5.2.14 --> 5.2.15 Patch
http://go.whmcs.com/290/v5214_incremental_to_v5215_patch
MD5 Checksum: 75673ada9e671f3d0e2b771e1462630b

To apply a patch set release, download the files as indicated above. Then follow the upgrade instructions for a "Patch Set" which can be found at http://docs.whmcs.com/Upgrading#For_a_Patch_Set

Full Release - What is a Full Release?

A full release distribution contains all the files of a WHMCS product installation. It can be used to perform a new install or update an existing installation (regardless of previous version).

The latest full release can always be downloaded from our members area at https://www.whmcs.com/members

5.2.15 Full Version - Downloadable from the WHMCS Members Area
MD5 Checksum: d990f802db28c28d6d2fc003c8f339eb

To apply a full release, download the files as indicated above. Then follow the upgrade instructions for a "Full Release Version" which can be found at http://docs.whmcs.com/Upgrading#For_a_Full_Release_Version

Important Maintenance Issue Information

This release also provides resolution for the following maintenance issues:

Case #3706 - Some graphs failing after recent Google Graph API Update
Case #3711 - CSV Export content should not contain HTML entities
Case #3726 - PDF Line Items failing to output some specific characters
Case #3727 - Admin password reset process failing to send new password email
Case #3738 - Sub-account password field's default text must be removed on focus/click events

Security Issue Information

This Advisory provides resolution for a single security issue which was publicly disclosed. Specific information regarding that issue can be found below.

Case #3785 SQL Injection via Admin Credit Routines

=== Severity Level ===
Important

=== Description ===
An attacker who can function as an authenticated admin user with the ability to apply credits to an invoice can, using specially crafted input, cause the credit routines to execute arbitrary SQL commands if the target user has a credit balance known to the attacker.

Due to the many prerequisites necessary to successfully navigate this vector, a security impact level has been assessed as "Important". Information on security ratings can be found at http://docs.whmcs.com/Security_Levels

=== Resolution ===
Download and apply the appropriate software updates to protect against these vulnerabilities; information about software update releases is provided in the "Releases" section of this Advisory.

All published and supported versions of WHMCS prior to 5.2.15 are affected by one or more of these maintenance and security issues.

For information regarding our Long Term Support Policy, read our documentation here: http://docs.whmcs.com/Long_Term_Support

* This Security Advisory is in the process of being emailed to all active license holders.

Posted by Matt on Monday, December 23rd, 2013

LeandroTC Posted December 23, 2013

Thanks for the information! Cheers! :)

Jean Santos Posted December 23, 2013

WOOHOO, another one, encore, encore!

edvan (Author) Posted December 23, 2013

Duplicate topic... I posted 1 minute earlier

Jean Santos Posted December 23, 2013

HAHAHAHA, seriously, Edvan? First time I've seen that from you :P

PS: What a lousy reply system, it takes 5 minutes for each post, as if a forum like this needed such a system.

LeandroTC Posted December 23, 2013

> Duplicate topic... I posted 1 minute earlier

Yeah, I did notice that. I almost commented on both, lol. Cheers! :)

Fernando Rafs Posted December 23, 2013

> Duplicate topic... I posted 1 minute earlier

Indeed, I didn't get to see your post. Moderators, please, is there a way to merge the replies? Thanks!

While I'm at it, I found something strange in the incremental archive, as shown below:

When I unpacked the archive I found a folder '5.2.15'; what should I do with it?

And when opening it:

Fernando Rafs Posted December 23, 2013

> Indeed, I didn't get to see your post. Moderators, please, is there a way to merge the replies? Thanks!
>
> While I'm at it, I found something strange in the incremental archive, as shown below:
>
> When I unpacked the archive I found a folder '5.2.15'; what should I do with it?
>
> And when opening it:

They've already fixed it! The archive used to be almost 1.30MB; now it's 532Kb. - http://forum.whmcs.com/showthread.php?83307-v5-2-15-patch-broken

edvan (Author) Posted December 23, 2013

> WOOHOO, another one, encore, encore!

They also took the opportunity to fix these items:

Important Maintenance Issue Information

This release also provides resolution for the following maintenance issues:

Case #3706 - Some graphs failing after recent Google Graph API Update
Case #3711 - CSV Export content should not contain HTML entities
Case #3726 - PDF Line Items failing to output some specific characters
Case #3727 - Admin password reset process failing to send new password email
Case #3738 - Sub-account password field's default text must be removed on focus/click events