Atualização de segurança para o WHMCS
Ontem a WHMCS divulgou uma atualização de segurança para corrigir uma vulnerabilidade do sistema financeiro de mesmo nome. Esta vulnerabilidade foi descoberta por um pesquisado da safeornot.net e não há informações que a mesma é de conhecimento público.
A correção deve ser feita por quem usa as versões 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 5.0, 5.1, e BETA 5.2, excluindo-se apenas a recém lançada versão 5.2.1. A atualização deve ser feita imediatamente pois segundo a classificação de risco ela possui nível crítico e importante.
Para corrgir o problema basta efetuar o download do arquivo, seguindo a referência abaixo, descompactá-lo e depois enviar os arquivos para a raiz da instalação do seu WHMCS.
4.0.x http://www.whmcs.com/download/170/12mar2013patchv40
4.1.x http://www.whmcs.com/download/174/12mar2013patchv41
4.2.x http://www.whmcs.com/download/178/12mar2013patchv42
4.3.x http://www.whmcs.com/download/182/12mar2013patchv43
4.4.x http://www.whmcs.com/download/186/12mar2013patchv44
4.5.x http://www.whmcs.com/download/190/12mar2013patchv45
5.0.4: http://www.whmcs.com/download/194/12mar2013patchv504
5.1.4: http://www.whmcs.com/download/198/12mar2013patchv514
Atenção! Se você tem instalado a versão 5.2 Beta faça a atualização para a nova versão 5.2.1 que foi lançada ontem. Para que possui as versões 5.0.3 ou 5.1.3 deverá descompactar o arquivo zipado das versões 5.0.4 e 5.1.4, respectivamente, para a raiz do seu WHMCS.
Segue abaixo a integra do email recebido da WHMCS:
========================================
WHMCS Security Advisory for 4.x, 5.x
http://blog.whmcs.com/?t=69402
========================================WHMCS has released new patches for the 4 and 5 series. These updates provide
targeted changes to address security concerns with the WHMCS product. You are
highly encouraged to update immediately.WHMCS has rated these updates as including critical and important security
impacts. Information on security ratings is available at
http://go.whmcs.com/74/securitylevels.++++++++++++
Releases
++++++++++++
The following versions of WHMCS address all known vulnerabilities:
5.0.4
5.1.4
STABLE 5.2.1The latest public releases of WHMCS are available inside our members area at
https://www.whmcs.com/members/clientarea.php++++++++++++++++++++++++++++++++++++
Security Issue Information
++++++++++++++++++++++++++++++++++++
The resolved security issues were all identified by Vlad C. of NetSec
Interactive Solutions . There is no reason to
believe that these vulnerabilities are known to the public. As such, WHMCS will
only release limited information regarding the vulnerabilities at this time.Once sufficient time has passed to allow WHMCS customers to update their
installed software, WHMCS will release additional information regarding the
nature of the security issues. These Targeted Security Releases and Patches
address 6 vulnerabilities in WHMCS version 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 5.0,
5.1, and BETA 5.2. Additional, supplemental information is scheduled to be
released April 9th, 2013.++++++++++++
Mitigation
++++++++++++——————
WHMCS Version 4.x
——————
Download and apply the appropriate patch files to protect against these
vulnerabilities.Patch files for affected versions of the 4.x series are located on the WHMCS
site as itemized below.4.0 series: http://www.whmcs.com/download/170/12mar2013patchv40
4.1 series: http://www.whmcs.com/download/174/12mar2013patchv41
4.2 series: http://www.whmcs.com/download/178/12mar2013patchv42
4.3 series: http://www.whmcs.com/download/182/12mar2013patchv43
4.4 series: http://www.whmcs.com/download/186/12mar2013patchv44
4.5 series: http://www.whmcs.com/download/190/12mar2013patchv45To apply the patch, simply download the appropriate patch file specific to the
WHMCS version you are running, extract the contents, and upload the files from
the /whmcs/ folder to your installation.No install or upgrade process is required.
——————
WHMCS Version 5.x
——————
Download and apply the appropriate full-version of WHMCS to protect against
these vulnerabilities.Full-versions for the affected version of the 5.x series are located in the
WHMCS members area download section, under your license details.v5.0.4
v5.1.4
v5.2.1 STABLEWhen updating from v5.2.0 BETA to v5.2.1 STABLE, you must perform an upgrade.
The upgrade process is described here:
http://docs.whmcs.com/Upgrading#Performing_an_UpgradeWhen updating from v5.0.3 or v5.1.3, the upgrade process is not required. To
apply the full-version, simply download the appropriate file specific to the
WHMCS version you are running, extract the contents, and upload the files from
the /whmcs/ folder to your installation.================================================================================
WHMCS Limited
www.whmcs.com– Support: http://support.whmcs.com/
– Documentation: http://docs.whmcs.com/
– Members Area: http://www.whmcs.com/members/
Não se esqueçam: mantenham seu WHMCS atualizado para não ter surpresas!