Wordpress 2.3.3


16 replies to this topic

#1 Damien R.

Damien R.

    XXX

  • 122,011 posts
  • Joined: 20-July 02
  • Location: England
  • OS: Windows 8.1 x64
  • Phone: Samsung Galaxy

Posted 06 February 2008 - 02:17

As most will know if you log into your blog using WordPress, there's an update, but in case you don't...

WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you’re updating WP and your plugins, consider refreshing your passwords.


Download: http://wordpress.org/download/


#2 blackice912

blackice912

    Neowinian Senior

  • 5,481 posts
  • Joined: 09-March 03
  • Location: Everett, WA

Posted 06 February 2008 - 02:23

Thanks (Y). Fix applied.

#3 bangbang023

bangbang023

    Silent Veteran

  • 36,192 posts
  • Joined: 17-October 01
  • Location: Brooklyn, NY

Posted 06 February 2008 - 03:00

Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.

#4 OP Damien R.

Damien R.

    XXX

  • 122,011 posts
  • Joined: 20-July 02
  • Location: England
  • OS: Windows 8.1 x64
  • Phone: Samsung Galaxy

Posted 06 February 2008 - 03:15

Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.


:|

Would people go that low to do stuff like that?

I update all the time now; I never used to update with the small fixes.

#5 bangbang023

bangbang023

    Silent Veteran

  • 36,192 posts
  • Joined: 17-October 01
  • Location: Brooklyn, NY

Posted 06 February 2008 - 03:20

:|

Would people go that low to do stuff like that?

I update all the time now; I never used to update with the small fixes.

Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

#6 zeroday

zeroday

    meh

  • 5,303 posts
  • Joined: 04-April 06
  • Location: .

Posted 06 February 2008 - 15:00

Thanks for the info.
Is there a changed files link?

#7 Echilon

Echilon

    GGTW

  • 10,414 posts
  • Joined: 18-May 03
  • Location: Chester, England

Posted 06 February 2008 - 20:05

Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get a massive amount of traffic, but at least 10% is people trying exploits.

#8 bangbang023

bangbang023

    Silent Veteran

  • 36,192 posts
  • Joined: 17-October 01
  • Location: Brooklyn, NY

Posted 06 February 2008 - 20:29

I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get a massive amount of traffic, but at least 10% is people trying exploits.

I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.

#9 Creamy

Creamy

    Neowinian

  • 1,437 posts
  • Joined: 08-January 03
  • Location: Germany, EU

Posted 06 February 2008 - 22:49

I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.


Sometimes you see yourself as a kindergarten employee, don't you..? :p
I'm sure I would..

#10 +Wannes

Wannes

    iCommand ⌘

  • 9,361 posts
  • Joined: 03-January 04
  • Location: Belgium
  • OS: Windows 8.1
  • Phone: iPhone 5

Posted 06 February 2008 - 22:51

Thanks for the information. Updated my son's blog while I was at it.

#11 lunamonkey

lunamonkey

    Ten years on Neowin.

  • 9,029 posts
  • Joined: 28-May 03
  • Location: Swindon, England

Posted 06 February 2008 - 22:52

Cheers, I installed this to make it a little easier...

http://www.zirona.co...nstant-upgrade/

Works really well, especially if you don't always have access to download+ftp facilities.

#12 Creamy

Creamy

    Neowinian

  • 1,437 posts
  • Joined: 08-January 03
  • Location: Germany, EU

Posted 06 February 2008 - 22:58

Cheers, I installed this to make it a little easier...

http://www.zirona.co...nstant-upgrade/

Works really well, especially if you don't always have access to download+ftp facilities.


Yeah, been using it for a while now! (Y)

#13 Jacky L.

Jacky L.

  • 12,080 posts
  • Joined: 27-October 04
  • Location: Hong Kong
  • OS: OS X Yosemite
  • Phone: iPhone 5s

Posted 06 February 2008 - 23:24

Is that automatic upgrade process reliable... unless WordPress got rights to it and licensed it under its own future releases, I won't be relying on a plugin for upgrading. A hassle, yes.

#14 +Wannes

Wannes

    iCommand ⌘

  • 9,361 posts
  • Joined: 03-January 04
  • Location: Belgium
  • OS: Windows 8.1
  • Phone: iPhone 5

Posted 06 February 2008 - 23:34

I don't mind the upgrade process actually and I find it "scary" to use a plug-in for updating. This will need you to CHMOD your files to 0777, no?

#15 lunamonkey

lunamonkey

    Ten years on Neowin.

  • 9,029 posts
  • Joined: 28-May 03
  • Location: Swindon, England

Posted 06 February 2008 - 23:34

Is that automatic upgrade process reliable... unless WordPress got rights to it and licensed it under its own future releases, I won't be relying on a plugin for upgrading. A hassle, yes.


Well, it just downloads the latest zip file, and extracts it over the directory.

It does the same thing as I would do over FTP. So I don't see how it can go wrong. (Or more wrong than me doing it) :p
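
The 0777 question raised in post #14, as an added example that is not part of the thread or of the upgrade plugin's code: a shell audit that lists world-writable files and directories under a WordPress tree and clears only the world-write bit. The sample tree is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for world-writable entries (o+w),
# which is what a blanket "chmod 0777" leaves behind.

# Print every regular file or directory under $1 whose world-write bit is set,
# one path per line, sorted. Symlinks are not matched by -type f / -type d.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Number of world-writable entries under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove only the world-write bit; owner and group bits stay as they were.
tighten_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree standing in for a WordPress install.
# Prints the path of the temporary root it created.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/plugins"
    : > "$root/xmlrpc.php"
    : > "$root/wp-config.php"
    chmod 0755 "$root/wp-content"
    chmod 0644 "$root/wp-config.php"
    # The two entries below simulate the result of a blanket chmod 0777.
    chmod 0777 "$root/xmlrpc.php" "$root/wp-content/plugins"
    printf '%s\n' "$root"
}

demo() {
    tree=$(make_sample_tree) || return 1
    echo "world-writable before: $(count_world_writable "$tree")"
    list_world_writable "$tree"
    tighten_world_writable "$tree"
    echo "world-writable after: $(count_world_writable "$tree")"
    rm -rf "$tree"
}

demo
```

Point `list_world_writable` at a real install's document root to review what an upgrade left behind before running `tighten_world_writable`.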