Albertech.net » security http://albertech.net Tips, Tricks, and Reviews in Linux, Apache, MySQL, PHP Fri, 03 Sep 2010 17:40:28 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 CodeIgniter 1.7.2 Security Patch http://albertech.net/2010/08/codeigniter-1-7-2-patch/ http://albertech.net/2010/08/codeigniter-1-7-2-patch/#comments Sat, 14 Aug 2010 06:33:59 +0000 admin http://albertech.net/?p=440 http://codeigniter.com/download_files/CI_1.7.2_201007_sec_patch.zip and unzip the file to the Code Igniter system/libraries folder.]]> If you are running CodeIgniter 1.7.2, there is a security flaw with the file upload class. (fixed on July 12, 2010)  The easiest way to install the patch is to use the standalone patch http://codeigniter.com/download_files/CI_1.7.2_201007_sec_patch.zip and unzip the file to the Code Igniter system/libraries folder.

]]> http://albertech.net/2010/08/codeigniter-1-7-2-patch/feed/ 0 VMWARE Server 2.02 Update http://albertech.net/2009/11/vmware-server-2-02-update/ http://albertech.net/2009/11/vmware-server-2-02-update/#comments Fri, 13 Nov 2009 19:29:04 +0000 admin http://albertech.net/?p=317 VMWARE Server 2.02 has been released October 27, 2009. It includes a few important security updates for VMWARE Server. If you are running a Linux server with VMWARE server 2.01, I strongly suggest to upgrade due to the “Directory Traversal Vulnerability” — which may allow for remote retrieval of any file from the host system.

Security Fixes with VMWARE 2.02

  • New: Exception handling privilege escalation on Guest Operating System This release addresses a security vulnerability in exception handling. Improper setting of the exception code on page faults might allow for local privilege escalation on the guest. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2267 to this issue.

  • New: Directory Traversal Vulnerability on Linux-based hosts This release addresses a directory traversal vulnerability that is present on host systems and that may allow for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides. The issue is present on Linux-based hosts only, not on Windows-based hosts. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3733 to this issue.

There’s a number of workarounds listed in the VMWARE Server 2.02 Release notes

Download the latest version of VMware Server 2

]]> http://albertech.net/2009/11/vmware-server-2-02-update/feed/ 0 WordPress 2.8.2 Released http://albertech.net/2009/07/wordpress-2-8-2-released/ http://albertech.net/2009/07/wordpress-2-8-2-released/#comments Wed, 22 Jul 2009 17:11:51 +0000 admin http://albertech.net/?p=220 WordPress 2.8.2 has been released. This affects both WordPress and WordPress MU. I recommend upgrading your current version since it contains a security fix.
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.
For more details, visit: http://wordpress.org/development/2009/07/wordpress-2-8-2/ You can automatically upgrade WordPress within your control panel, or manually upgrade via: http://wordpress.org/download/ WordPress MU download: http://mu.wordpress.org/download/]]> WordPress 2.8.2 has been released. This affects both WordPress and WordPress MU. I recommend upgrading your current version since it contains a security fix.

WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.

For more details, visit:
http://wordpress.org/development/2009/07/wordpress-2-8-2/

You can automatically upgrade WordPress within your control panel, or manually upgrade via:
http://wordpress.org/download/

WordPress MU download:

http://mu.wordpress.org/download/

]]> http://albertech.net/2009/07/wordpress-2-8-2-released/feed/ 0