UPDATE: How to Blog has MOVED! Please update your bookmarks and feeds! The new address is :
http://www.emilyrobbins.com/how-to-blog/
and all new posts and post updates will be made there! Comments and trackbacks at this location are now closed -- please visit the new How to Blog site in order to add a comment or a trackback and see updates to existing posts as well as all new posts from this point forward!


May 27, 2005

Here we go again - another WordPress Update to fix a security vulnerability

THIS POST HAS BEEN MOVED TO:

http://www.emilyrobbins.com/how-to-blog/here-we-go-again-another-wordpress-update-to-fix-a-security-vulnerability-286.htm

Please update your bookmarks to reflect the new, permanent location of How to Blog.  Comments and trackbacks on this post are now closed.  If you wish to comment on this post, please visit the new site!  Thank you!

-----------------------------------------------------------------------------------------------------------------------

Boy – this sure is starting to sound like a broken record.  WordPress 1.5.1.2 has now been released to fix a security vulnerability.

According to the developers:

It has come to our attention that under certain circumstances there is a security vulnerability in WordPress that may be triggered if you’re running the default template. We were able to respond very quickly (under 40 minutes) and update the download to 1.5.1.2. You can upgrade by overwriting your old 1.5 files or if you would like to apply the fix manually it is relatively simple:

  1. Open the wp-includes/template-functions-category.php file in a text editor like Wordpad.
  2. Go to around line 103 where it says get_the_category_by_ID.
  3. Create a new line after that and paste in $cat_ID = (int) $cat_ID;

One note, even if the vulnerability was present in your blog, you would still be safe if your host ran mod_security on their servers. It is an Apache module which can provide very high-level protection against everything like the vulnerability above to comment spam. We will be updating the hosting page shortly to reflect which hosts there support mod_security or not.

So, if I understand what they’re saying correctly, the vulnerability only affects users who are running the default template…?  Nonetheless, I’d go ahead and make the upgrade (or just do the manual fix) – never want to chance having a security hole.  Oy.
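What the one-line manual fix in step 3 does to different inputs, as an added example that is not WordPress code and not from the developers' announcement. The announcement does not show the function body or say how `$cat_ID` is used; the example assumes the value ends up interpolated into a SQL query string, and the two functions, the table name and the column name are hypothetical stand-ins.

```php
<?php
// Added illustration, not WordPress source. Both functions only build and
// return a query string, so the effect of the cast is visible without a database.
// Assumption: the real function interpolates $cat_ID into SQL like this.

// Before the fix: the caller-supplied value reaches the query text unchanged.
function category_query_unpatched($cat_ID) {
    return "SELECT cat_name FROM wp_categories WHERE cat_ID = $cat_ID";
}

// After the fix: the line from step 3 runs before the value is used.
function category_query_patched($cat_ID) {
    $cat_ID = (int) $cat_ID;   // anything that is not an integer is coerced to one
    return "SELECT cat_name FROM wp_categories WHERE cat_ID = $cat_ID";
}

// True when the WHERE clause ends in a bare integer and nothing else.
function where_clause_is_integer_only($query) {
    return preg_match('/WHERE cat_ID = -?\d+$/', $query) === 1;
}

// Constructed sample inputs: a normal ID, padded and mixed values,
// a value carrying extra SQL text, and empty or missing values.
$samples = array('7', ' 7', '7abc', '7 OR 1=1', 'abc', '', null);

foreach ($samples as $raw) {
    $before = category_query_unpatched($raw);
    $after  = category_query_patched($raw);
    printf(
        "input %-12s\n  unpatched [%s] %s\n  patched   [%s] %s\n",
        var_export($raw, true),
        where_clause_is_integer_only($before) ? 'ok ' : 'BAD',
        $before,
        where_clause_is_integer_only($after) ? 'ok ' : 'BAD',
        $after
    );
}

// The property the fix provides: whatever the caller sends, only an
// integer literal can appear in the patched query.
foreach ($samples as $raw) {
    if (!where_clause_is_integer_only(category_query_patched($raw))) {
        throw new Exception('cast did not reduce input to an integer');
    }
}
```

The cast coerces rather than rejects: `'7 OR 1=1'` and `'7abc'` both become `7`, and `'abc'`, `''` and `null` become `0`, so a malformed request is answered as a lookup for a different category ID instead of being refused.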

May 27, 2005 in Weblogs, WordPress

Comments

Not to mention that in 1.5.1.2 pingback and trackback sending is broken.

So the patch, which was a fix (1.5.1.2) to a fix (1.5.1.1) to a fix (1.5.1) (http://blog.taragana.com/index.php/archive/oh-no-yet-another-wordpress-fix-to-a-fix-to-a-fix/), needs another fix!

I am not comfortable with the state of things here.

Posted by: Angsuman Chakraborty | Jun 5, 2005 1:23:47 PM

Thanks for the info. This WordPress updating is getting a little tiring... oh, well... it's free, for now....

Posted by: Neil | Aug 24, 2005 12:21:30 AM
