Author Topic: SMF 2.0.2 and 1.1.16 critical security patches released  (Read 1376870 times)

Offline ApplianceJunk

  • SMF Hero
  • ******
  • Posts: 3,387
    • ApplianceJunk.com
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #40 on: December 23, 2011, 10:17:26 AM »
Updated to 2.0.2 without any problems, thanks

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 13,281
  • Gender: Male
  • CoreISP.net
    • coreisp on Facebook
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #41 on: December 23, 2011, 10:40:52 AM »
The download problems SHOULD be solved now.
My apologies for any inconvenience. Enjoy! :)
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline tragidy

  • Semi-Newbie
  • *
  • Posts: 57
  • Gender: Male
  • Open Source
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #42 on: December 23, 2011, 10:41:58 AM »
Quote
The download problems SHOULD be solved now.
My apologies for any inconvenience. Enjoy! :)

On SMF 1.1.15

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Is there a server-side cache that should be flushed on my end now?
Open source Matters, the GNU GPL License is one of the most valuable texts ever created by mankind.
Support all open source projects when possible as their concepts are paving the future. ~ tragidy

Offline Argonaut

  • Semi-Newbie
  • *
  • Posts: 38
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #43 on: December 23, 2011, 10:42:46 AM »
If there's anybody who still has a problem with upgrading to 1.1.16

Quote
An Error Has Occurred!
The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

Please see this thread:

www.simplemachines.org/community/index.php?topic=463108.0 (Error when trying to upgrade 1.1.15 to 1.1.16)

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 13,281
  • Gender: Male
  • CoreISP.net
    • coreisp on Facebook
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #44 on: December 23, 2011, 10:51:19 AM »
This is from the package manager, right?
Not from the manual update package that you can find here?

-edit-
Nevermind, reading the thread now.

Offline omidkosari

  • Semi-Newbie
  • *
  • Posts: 35
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #45 on: December 23, 2011, 11:00:02 AM »
No. I cannot install even manually.

Offline nwsw

  • Semi-Newbie
  • *
  • Posts: 30
    • NoteWorthy Software
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #46 on: December 23, 2011, 11:08:19 AM »
In reviewing the changes for SMF 1.1.16, I find myself wondering what this change is supposed to do:

Code:
    if (isset($GLOBALS[$variable]))
        unset($GLOBALS[$variable], $GLOBALS[$variable]);

The changelog for 2.0.2 says this:

Quote
Make sure db_character_set doesn't end up set when it shouldn't be. (index.php)

I do not understand how the double unset will do much of anything. Perhaps this is just a quirk of PHP and unset of $GLOBALS that this code is intended to work around...

Update: Never mind...I found the exploit and the need for this with older PHP installs.
« Last Edit: December 23, 2011, 11:52:39 AM by ntworthy »

Offline billis_2

  • Semi-Newbie
  • *
  • Posts: 31
  • Gender: Male
    • AlbStars.Com
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #47 on: December 23, 2011, 11:32:04 AM »
Updated to 2.0.2 without any problems.
Good work,
Thanks.

Offline cebu

  • Semi-Newbie
  • *
  • Posts: 43
  • Gender: Male
  • 1 Bar Boost
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #48 on: December 23, 2011, 12:16:09 PM »
Updated my 2.0.1 forum to 2.0.2 without any problem.

For my 1.1.15 forum, since it's giving an error when trying to install through the package manager, I did a manual update and everything went through as well.

Offline LAVX6

  • Newbie
  • *
  • Posts: 1
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #49 on: December 23, 2011, 01:00:54 PM »
great thnx

Offline phantomm

  • Sr. Member
  • ****
  • Posts: 978
  • Gender: Male
    • pages/smfpl/171860759503032 on Facebook
    • Polish ElkArte community
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #50 on: December 23, 2011, 02:04:15 PM »
Update for SMF 2.0.1 contains fix for problems with downloading attachments by FF?

and this is fixed in this patch?
Hi there,

in the Changelog (http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-1_changelog.txt) is written:
Quote
! A sensitive token was sent in the URL, allowing CSRF vulnerability (Subs-Menu.php)
But comparing Subs-Menu.php of version 2.0 and 2.0.1 does not show any differences except the @version-Line.

Was the bug already fixed in 2.0 or have you missed to replace the files correctly?

Thanks for information!

Update: Since 2.0 RC4 is no change (except a comment) done in Sources/Subs-Menu.php
« Last Edit: December 23, 2011, 02:07:29 PM by phantomm »
Polish SMF support at simplemachines.org

My mods

Offline islam2hamy

  • Sophist Member
  • *****
  • Posts: 1,363
  • Gender: Male
  • I love SMF
    • First Arabic Support Site For SMF
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #51 on: December 23, 2011, 02:39:38 PM »
Thanks for update.
Arabic Translator - Web Designer
My Mods / My Themes  //  GfxLand





Offline Mr. Jinx

  • Full Member
  • ***
  • Posts: 402
  • Gender: Male
    • UPC Forum - Chelloo.com
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #52 on: December 23, 2011, 02:55:33 PM »
Thnx. Upgrade went fine!
Howto: Connect SMF to Twitter and/or Facebook (no coding or mods required!)

Offline Nolt

  • Language Moderator
  • Full Member
  • *
  • Posts: 453
  • Gender: Male
  • SMF Polish Translator
    • smfpolska on Facebook
    • Wizzi
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #53 on: December 23, 2011, 03:39:58 PM »
Update went smooth and without any problems, but in Admin section I have:

Installed version: 2.0.2
Newest version: 2.0.1

I installed via the package manager because I didn't have a notification link about the new version.

Offline GlitchPC

  • Full Member
  • ***
  • Posts: 429
  • Gender: Male
  • Gotta glitch?
    • Glitch PC - Free Computer Help
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #54 on: December 23, 2011, 03:45:20 PM »
Quote
Update went smooth and without any problems, but in Admin section I have:

Installed version: 2.0.2
Newest version: 2.0.1

I installed via the package manager because I didn't have a notification link about the new version.

run the fetch simple machine files from scheduled tasks

Offline (F.L.A.M.E.R)

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 10,614
  • Gender: Male
  • I am a ninja!
    • adishpatel on Facebook
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #55 on: December 23, 2011, 03:46:32 PM »
Good work team!! Well done. :-)
Need paid assistance for your forum? CLICK ME!
Email: flamer@simplemachines.org (Stop sending me love proposals! I don't do Internet dating :P)

Offline cerbopoli

  • Semi-Newbie
  • *
  • Posts: 13
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #56 on: December 23, 2011, 03:55:35 PM »
I get this error: You cannot download or install new packages because the Packages directory or one of the files in it are not writable! 

Yet all of my appropriate folders are set Writable (777).  Any ideas how I can remedy this?

Offline w0kie

  • Semi-Newbie
  • *
  • Posts: 20
    • Princess Chatter
1.1.16 auto update worked perfectly on my board.
« Reply #57 on: December 23, 2011, 04:10:06 PM »
1.1.16 auto update worked perfectly on my board.   8)

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 13,281
  • Gender: Male
  • CoreISP.net
    • coreisp on Facebook
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #58 on: December 23, 2011, 04:16:15 PM »
Quote
I get this error: You cannot download or install new packages because the Packages directory or one of the files in it are not writable!

Yet all of my appropriate folders are set Writable (777).  Any ideas how I can remedy this?

Set the chmod on that folder properly to 777 using FTP or your hosting control panel's file manager.

For any further questions, please do !NOT! use this topic. It is !NOT! for support.
Please ask your question in the support boards.

Thanks :)

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 36,211
Re: SMF 2.0.2 and 1.1.16 critical security patches released
« Reply #59 on: December 23, 2011, 04:22:13 PM »
No, this patch does not include the fix for downloading attachments in Firefox, and PLEASE open separate threads for your issues; this thread is not for support.