Segurança

Atualização de segurança do WHMCS de setembro de 2013

Mais uma atualização de segurança do WHMCS foi lançada, e para tentar identificar melhor as atualizações, a partir de hoje estarei colocando o mês e o ano da mesma no título do post, assim fica mais fácil identificar a qual período se trata a atualização.

Essa atualização é importante e é recomendado que seja feita rapidamente. Segue abaixo o comunicado recebido da WHMCS:

========================================
WHMCS Security Advisory for 4.x and 5.x
http://blog.whmcs.com/?t=76310
========================================

WHMCS has released new patches for the 4.5, 5.0, 5.1, and 5.2 minor releases.
These updates provide targeted changes to address security concerns with the
WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as including critical or important security
impacts. Information on security ratings is available at
http://docs.whmcs.com/Security_Levels.

==Releases==
The following full-release versions of WHMCS have been published and address all
known vulnerabilities:
5.2.6

The latest public releases of WHMCS are available inside our members area at
https://www.whmcs.com/members/clientarea.php

PLEASE NOTE: The 4.5 series reached End Of Life as of June 30th 2013.  WHMCS is
aware that some customers have not moved to an LTS version due to the newness of
the LTS policy.  The related 4.5 patch release published along with this
Security Advisory is provided as a courtesy to those customers.  From this point
forward, there will be no more patches provided for 4.5 or any other release
that has reached EOL.

==Security Issue Information==
The resolved security issues were identified and reported by
Vlad C. of NetSec Interactive Solutions <http://safeornot.net>
Rack911 <https://www.rack911.com/>
FastVPS Eesti OU <http://fastvps.ru>
WHMCS development team.

There is no reason to believe that these vulnerabilities are known to the
public. As such, WHMCS will only release limited information regarding the
vulnerabilities at this time.

Once sufficient time has passed to allow WHMCS customers to update their
installed software, WHMCS will release additional information regarding the
nature of the security issue.

These Targeted Security Releases and Patches address 9 vulnerabilities in WHMCS
versions 4.5, 5.0, .5.1, and 5.2.

==Mitigation==

===WHMCS Version 4.5===
Download and apply the appropriate patch files to protect against these
vulnerabilities.

Patch files for affected versions of the 4.5 series are located on the WHMCS
site as itemized below.

v4.5.6 (patch only; for 4.5.5): http://go.whmcs.com/174/v456patch

To apply a patch, download the files as indicated above.  Next follow the
regular upgrade instructions which can be found at
http://docs.whmcs.com/Upgrading#Performing_an_Upgrade.

===WHMCS Version 5.x===
Download and apply the appropriate full-version or patch of WHMCS to protect
against these vulnerabilities.

Patch files for affected version 5.x are located on the WHMCS site as itemized
below. A full-version of 5.2.6 is located in the WHMCS member's area download
section, under your license details.

v5.0.7 (patch only; for 5.0.6): http://go.whmcs.com/178/v507patch
v5.1.8 (patch only; for 5.1.7): http://go.whmcs.com/182/v518patch
v5.2.6 (full-version) - Available in the members area @ www.whmcs.com/members

To apply a patch or full-version release, download the files as indicated above.
Next follow the regular upgrade instructions which can be found at
http://docs.whmcs.com/Upgrading#Performing_an_Upgrade.

*This Security Advisory is in the process of being emailed to all active license
holders.*

Não se esqueça: atualize o seu WHMCS e mantenha seguro seus serviços!

Maclei

Trabalhando com informática a mais de 22 anos, e com internet desde 1999, não costumo esconder o jogo e odeio panelinhas e a falta de verdade que alguns insistem em praticar no mercado.

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *

Esse site utiliza o Akismet para reduzir spam. Aprenda como seus dados de comentários são processados.