Fethi.dz
2011-06-01, 15:48
vBulletin Security Patch for 4.X and 3.X Yahoo YUI Security Exploit
We have been notified of a potential, but unconfirmed exploit in vBulletin 3 and 4 (all versions) via the Yahoo YUI component library.
To rectify this issue we have released a patch for the latest version of vBulletin 3 and vBulletin 4, vBulletin 3.8.7 and vBulletin 4.1.3. Forthcoming vBulletin 4.1.4 will not be affected.
As such, we have released:
vBulletin Publishing Suite 4.1.3 PL1
vBulletin Forum Classic 4.1.3 PL1
vBulletin Forum Classic 3.8.7 PL1
Upgrade Process
The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area (http://members.vbulletin.com/patches.php), extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.
As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.
New installations/upgrades
(http://www.4algeria.com/vb/Support-4algeria.html)
If you are upgrading your site, or installing a new copy of our software, the latest software packages include the patch. These can be downloaded from your Members Area (http://members.vbulletin.com/)
To manually fix versions prior to vBulletin 4.1.3 and 3.8.7
Edit one line in class_core.php file located in /includes/class_core.php ; find the following line “define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle” ; replace this line with “define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle”
In AdminCP; Go to “Options” => “Server Settings and Optimization Options” ; find “Use Remote YUI” option and in the dropdown switch to a server of your choice, Google or Yahoo.
We have been notified of a potential, but unconfirmed exploit in vBulletin 3 and 4 (all versions) via the Yahoo YUI component library.
To rectify this issue we have released a patch for the latest version of vBulletin 3 and vBulletin 4, vBulletin 3.8.7 and vBulletin 4.1.3. Forthcoming vBulletin 4.1.4 will not be affected.
As such, we have released:
vBulletin Publishing Suite 4.1.3 PL1
vBulletin Forum Classic 4.1.3 PL1
vBulletin Forum Classic 3.8.7 PL1
Upgrade Process
The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area (http://members.vbulletin.com/patches.php), extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.
As with all security-based releases, we recommend that all customers upgrade as soon as possible in order to prevent any potential damage resulting from the flaw being exploited.
New installations/upgrades
(http://www.4algeria.com/vb/Support-4algeria.html)
If you are upgrading your site, or installing a new copy of our software, the latest software packages include the patch. These can be downloaded from your Members Area (http://members.vbulletin.com/)
To manually fix versions prior to vBulletin 4.1.3 and 3.8.7
Edit one line in class_core.php file located in /includes/class_core.php ; find the following line “define('YUI_VERSION', '2.7.0'); // define the YUI version we bundle” ; replace this line with “define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle”
In AdminCP; Go to “Options” => “Server Settings and Optimization Options” ; find “Use Remote YUI” option and in the dropdown switch to a server of your choice, Google or Yahoo.