IPB 2.1.7 Security Update (Low and Medium Risk)

[Black Prowler]

then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;)

[Will L.]

then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;)

you must be special as I looked at all my development and skin 2.1.7 and 3 live 2.1.7's and 1 2.1.7 archived on a cd-rom disc and it never had this added

and thanks Matt and staff for this quick fix its better to be safe then sorry is my saying on php security

[smashIt]

the line is in 2.1.6 BUT it's inside an else statement.
thats a bit of a difference

[Stewart]

then how come my files(2.1.6 and 2.1.7 for one board) already had the edit within them? I noticed it when I went to paste the patched edit into the file...but there it was...right in front of me... :lol: I'll be glad to send you a copy of the default files from my downloads....they contain the patch edit already. ;)

It's simply not possible. Note that the edit is to comment out a section of code. The section of code could and should be there already yes, but it is not commented out :)

[strolly]

Hello
I see the risk is low and Matt even posted in this thread
quote
I'm confident that this won't be a huge problem. It requires such a specific sequence of events to execute, most script kiddies won't really bother. In any case, we had the fix out around two hours after the vulnerability was made public.
quote
but wondered if someone could help, a forum I am a member of had problems yesterday and the usernames of 3 members were changed, two of the usernames were changed to the peoples real life names and one to a different id. The owner of this forum seems to be having problems in sorting this out could you advise him on the best course of action. Members are concerned about privacy violations if hackers are able to access your forums. This is the thread and forum in question
http://www.gptinfo.net/forum/index.php?showtopic=3380
Thank you for any help you can give on solving this problem.

[bfarber]

Hello

I see the risk is low and Matt even posted in this thread

quote

I'm confident that this won't be a huge problem. It requires such a specific sequence of events to execute, most script kiddies won't really bother. In any case, we had the fix out around two hours after the vulnerability was made public.

quote

but wondered if someone could help, a forum I am a member of had problems yesterday and the usernames of 3 members were changed, two of the usernames were changed to the peoples real life names and one to a different id. The owner of this forum seems to be having problems in sorting this out could you advise him on the best course of action. Members are concerned about privacy violations if hackers are able to access your forums. This is the thread and forum in question

http://www.gptinfo.net/forum/index.php?showtopic=3380

Thank you for any help you can give on solving this problem.

Please submit a ticket for support. :)

http://invisionpower.com/customer

[strolly]

Please submit a ticket for support. :)

http://invisionpower.com/customer

Thank you I will pass the information on, I was under the impression this security flaw was a redirect but is it possible the hacker could have got access to change users info?

[Canadian Hotdogman]

So there's this new one that just happened?

[bfarber]

So there's this new one that just happened?

Correct.

[.Ryan]

Will that sources file we downloaded, be updated, or do I just need to manually do it? And what are the chances of this happening anyways?

[Guest]

always up the latest version, security over ease. ;)

[djixas]

Why not created new topic about update? Since it shows up to date anyway even if not updated.

[Canadian Hotdogman]

I agree with the person above me.

[krang]

I do also agree with people above.

And could you please, for those who choose the manually update the file, add also the exact file so that I don't have to search it and can be sure, that it's the right one? :)

[Michael]

And could you please, for those who choose the manually update the file, add also the exact file so that I don't have to search it and can be sure, that it's the right one? :)

The exact file is attached to the post.

[phinsup]

I dont mean to be a complainer, but in the future could you please post security updates as new topics? Especially in this case as there is a medium security update in a formerly lower security topic. I get my updates notices by subscribing to new posts in that forum. Again sorry to be a PITA, but it is a fairly important matter.

Thanks

[krang]

oh sorry, i thought of the exact line instead of the exact file of course ;)

There's just the line-number of the section where you can find the things you've to edit.

[smashIt]

shouldn't there be a link to reset the warning?

[sunrisecc]

I have the same problem.

[Steve G.]

shouldn't there be a link to reset the warning?

+1

Edit: Nasty bug >>

Invision Power Board 2.2.0 RC 1

[Buzzy fan]

shouldn't there be a link to reset the warning?

Same for me..

Buzz

[GEusDTuPEnv]

shouldn't there be a link to reset the warning?

Some for me

[*Kari*]

shouldn't there be a link to reset the warning?

same for me as well. :unsure:

[sully]

Why not created new topic about update? Since it shows up to date anyway even if not updated.

Agreed. I was wondering why discussion in here started up again but took no notice. I only noticed when someone posted in 2.2 BETA Forum about it. :|

[Coastie]

same here.

Should have been a new topic, and need to reset the ACP image