Joeychgo
01-07-2005, 07:10 AM
JELSOFT SECURITY BULLETIN
http://www.vbulletin.com/
January 7th, 2005
This email contains important security-related information.
Please read it carefully.
* vBulletin 3.0.4 / 3.0.5 Released
* Important Warning About Sensitive Data
* Security Issues in PHP 4.3.9, 5.0.2 & Older
* Your License Information
* Contact Us
------------ VBULLETIN 3.0.4 / 3.0.5 RELEASED ------------
The discovery of a serious security vulnerability in
versions of vBulletin 3 up to and including 3.0.4 has
necessitated the immediate release of a version to plug
the hole. This is a CRITICAL update, and we urge all
customers running affected software to upgrade vBulletin
with the utmost urgency.
vBulletin 3.0.5 includes all the updates recently released
as part of vBulletin 3.0.4, including a long list of fixes
for minor annoyances and bugs found since version 3.0.3.
vBulletin 3.0.5 is available for immediate download from
the vBulletin Members' Area.
http://www.vbulletin.com/members/
If you are unable to upgrade immediately, you should at
least download the patched version of includes/init.php
from the release announcement thread and replace your
existing version with it.
Please read the announcement for upgrade and installation
instructions, as well as the list of bugs fixed and other
changes:
http://www.vbulletin.com/forum/showthread.php?t=125480
--------- IMPORTANT WARNING ABOUT SENSITIVE DATA ---------
Due to the nature of the vulnerability discovered in
vBulletin 3, and as part of our ongoing effort to maximize
security, we must assume that one or all of the vBulletin
servers may have been compromised.
Therefore, we would STRONGLY RECOMMEND that any customers
who may have submitted sensitive data; such as vBulletin
admin control panel or server login details, to Jelsoft
staff in the past should take steps to alter these details,
so that any information that may have been accessed by an
unauthorized party could not be used.
We would like to reassure our customers that Jelsoft keeps
NO RECORD of credit card numbers used in transactions,
making it impossible for these details to be discovered or
abused.
Additionally, steps have been taken and are ongoing to
ensure that any potentially leaked data does not contain
sensitive data.
------ SECURITY ISSUES IN PHP 4.3.9, 5.0.2 & OLDER -------
The PHP development team recently released PHP 4.3.10 and
5.0.3 in order to patch serious security issues in previous
versions.
With the emergence of malicious code such as the
Santy/NeverEverNoSanity worms, which are responsible for
defacing and damaging a large number of sites, we join with
the PHP team in advising all customers running PHP versions
older than 4.3.10 or 5.0.3 to upgrade as soon as possible
to one of the patched versions.
---------------- YOUR LICENSE INFORMATION ----------------
You can use this information to log into the members area
and download vBulletin 3.0.5:
Customer Number: 682690699056
If you have misplaced your customer password, you can
request that it be re-sent to your registered email
address using the following form:
http://www.vbulletin.com/members/lostpw.php
You can use this information to log into the members area:
http://www.vbulletin.com/members/
-------------------- CONTACT US --------------------------
Got a vBulletin technical query? Contact support:
http://www.vbulletin.com/support/
For all other queries, please visit this page:
http://www.vbulletin.com/contact.php
----------------------------------------------------------
This periodic email newsletter is delivered to all current
vBulletin customers, and contains information about new
software versions and Jelsoft.com/vBulletin.com web site
features and content. If you have any questions or
comments about this mailing, please contact us.
Copyright (c) 2000-2005, Jelsoft Enterprises Limited
http://www.vbulletin.com/
January 7th, 2005
This email contains important security-related information.
Please read it carefully.
* vBulletin 3.0.4 / 3.0.5 Released
* Important Warning About Sensitive Data
* Security Issues in PHP 4.3.9, 5.0.2 & Older
* Your License Information
* Contact Us
------------ VBULLETIN 3.0.4 / 3.0.5 RELEASED ------------
The discovery of a serious security vulnerability in
versions of vBulletin 3 up to and including 3.0.4 has
necessitated the immediate release of a version to plug
the hole. This is a CRITICAL update, and we urge all
customers running affected software to upgrade vBulletin
with the utmost urgency.
vBulletin 3.0.5 includes all the updates recently released
as part of vBulletin 3.0.4, including a long list of fixes
for minor annoyances and bugs found since version 3.0.3.
vBulletin 3.0.5 is available for immediate download from
the vBulletin Members' Area.
http://www.vbulletin.com/members/
If you are unable to upgrade immediately, you should at
least download the patched version of includes/init.php
from the release announcement thread and replace your
existing version with it.
Please read the announcement for upgrade and installation
instructions, as well as the list of bugs fixed and other
changes:
http://www.vbulletin.com/forum/showthread.php?t=125480
--------- IMPORTANT WARNING ABOUT SENSITIVE DATA ---------
Due to the nature of the vulnerability discovered in
vBulletin 3, and as part of our ongoing effort to maximize
security, we must assume that one or all of the vBulletin
servers may have been compromised.
Therefore, we would STRONGLY RECOMMEND that any customers
who may have submitted sensitive data; such as vBulletin
admin control panel or server login details, to Jelsoft
staff in the past should take steps to alter these details,
so that any information that may have been accessed by an
unauthorized party could not be used.
We would like to reassure our customers that Jelsoft keeps
NO RECORD of credit card numbers used in transactions,
making it impossible for these details to be discovered or
abused.
Additionally, steps have been taken and are ongoing to
ensure that any potentially leaked data does not contain
sensitive data.
------ SECURITY ISSUES IN PHP 4.3.9, 5.0.2 & OLDER -------
The PHP development team recently released PHP 4.3.10 and
5.0.3 in order to patch serious security issues in previous
versions.
With the emergence of malicious code such as the
Santy/NeverEverNoSanity worms, which are responsible for
defacing and damaging a large number of sites, we join with
the PHP team in advising all customers running PHP versions
older than 4.3.10 or 5.0.3 to upgrade as soon as possible
to one of the patched versions.
---------------- YOUR LICENSE INFORMATION ----------------
You can use this information to log into the members area
and download vBulletin 3.0.5:
Customer Number: 682690699056
If you have misplaced your customer password, you can
request that it be re-sent to your registered email
address using the following form:
http://www.vbulletin.com/members/lostpw.php
You can use this information to log into the members area:
http://www.vbulletin.com/members/
-------------------- CONTACT US --------------------------
Got a vBulletin technical query? Contact support:
http://www.vbulletin.com/support/
For all other queries, please visit this page:
http://www.vbulletin.com/contact.php
----------------------------------------------------------
This periodic email newsletter is delivered to all current
vBulletin customers, and contains information about new
software versions and Jelsoft.com/vBulletin.com web site
features and content. If you have any questions or
comments about this mailing, please contact us.
Copyright (c) 2000-2005, Jelsoft Enterprises Limited