Novi sigunosni patch ?!? Joomla! 1.0.15

Moderators: cicans, TheHacker

Locked
User avatar
ajfile
Joomla! Guru
Joomla! Guru
Posts: 595
Joined: Tue Sep 18, 2007 2:59 pm
Location: Beograd
Contact:

Novi sigunosni patch ?!? Joomla! 1.0.15

Post by ajfile » Fri Mar 07, 2008 10:35 am

Ovih dana svi pričaju o potrebi hitnog update-a Joomla!
Dobio sam i savet da treba izimenim (CHMOD) config fajlova, kao i ostalih (i diretkorijuma) - ajd ovo je nebingo (podrazumeva se).

Mene više interesuje taj novi patch ..
http://www.joomla.org/content/view/4609/1/

Pošto koristim neki modul "JMS multisites" koji je i sam uradio hakove na mnogim fajlovim-a, pa sam i sam dodatno menjao neke stvari u nesećam se kojim fajlovima,,. zanima me da li je ovo što piše na linku iznad .. da li je to sve što ovaj pacht donosi?
Explanation
In Joomla! 1.0.13, the following line was added to the configuration.php file:

if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }

This file is located in the root directory of your Joomla! Web site. Including this extra line protects against possible remote file inclusion.

Web sites created with Joomla! 1.0.13 or later already contain this line. However, Web sites upgraded from 1.0.12 or earlier are missing this line. All this upgrade does is add that line to the configuration.php file if that line does not already exist. Another way to address the vulnerability is to simply add the line to your configuration.php file manually.
Pogledao sam i u mom cofig fajlu postoji ova linija if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }. Inače instalirana verzija je Joomla! 1.0.13. Nebih smeo da pustim da se ovo automatski odradi. A nemam lokalnu verziju da testiram.

User avatar
BSD
Joomla! Ace
Joomla! Ace
Posts: 1948
Joined: Thu Aug 18, 2005 8:32 am
Location: Belgrade, Serbia
Contact:

Re: Novi sigunosni patch ?!? Joomla! 1.0.15

Post by BSD » Fri Mar 07, 2008 11:50 am

Ne, Joomla! 1.0.15 ne donosi samo to ali je to jedna od bitnijih izmena. Mislim da nikada necu moci dovoljno da potenciram da se Joomla! krpi cim izadje nova verzija jer problemi koje ima jesu ozbiljni i napadacu nije potrebno gotovo nista do browsera da ti smakne sajt. Dakle, ako izadje zakrpa staviti je sto pre. Jako prosto pravilo.:) Ako malo bolje pogledas taj patch videces da su samo neki fajlovi izmenjeni... proceni sta se od tih fajlova poklapa sa onim sto si ti menjao ali mislim da ces bez problema moci da uradis update i da ne izgubis nista od onog sto si menjao.;) Na kraju, smakni sajt na lokal pa testiraj. Jos jedno zlatno pravilo.:)
Marko Milenović
Member of the Serbian Joomla! Translation Team
http://www.joomla-serbia.com/

User avatar
ajfile
Joomla! Guru
Joomla! Guru
Posts: 595
Joined: Tue Sep 18, 2007 2:59 pm
Location: Beograd
Contact:

Re: Novi sigunosni patch ?!? Joomla! 1.0.15

Post by ajfile » Fri Mar 07, 2008 12:38 pm

ok, jasno i logično

hvala..

PS. problem je što trenutno nemam vremena da to uradim, pa se pitam hoću li preživeti ako to uradim za dve nedelje.

User avatar
BSD
Joomla! Ace
Joomla! Ace
Posts: 1948
Joined: Thu Aug 18, 2005 8:32 am
Location: Belgrade, Serbia
Contact:

Re: Novi sigunosni patch ?!? Joomla! 1.0.15

Post by BSD » Fri Mar 07, 2008 12:52 pm

To ces saznati u periodu od dve nedelje.;)
Marko Milenović
Member of the Serbian Joomla! Translation Team
http://www.joomla-serbia.com/

User avatar
ajfile
Joomla! Guru
Joomla! Guru
Posts: 595
Joined: Tue Sep 18, 2007 2:59 pm
Location: Beograd
Contact:

Re: Novi sigunosni patch ?!? Joomla! 1.0.15

Post by ajfile » Fri Mar 07, 2008 2:30 pm

hahahahaha :laugh: :laugh: :laugh:
e nasmeja me mudrim odgovorom

upravu si skroz


Locked

Return to “Bezbednost”