DV Hardware software and download news

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news about processors, graphics cards, memory, NVIDIA, ATi, Intel, AMD, XGI
December 8, 2016 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 74 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

Wordpress 2.6.2

Posted on Wednesday, September 10 2008 @ 14:12:36 CEST by

Changelog:
Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.

Other PHP apps are susceptible to this class of attack. To protect all of your apps, grab the latest version of Suhosin. If you’ve already updated Suhosin, your existing WordPress install is already protected from the full exploit. You should still upgrade to 2.6.2 if you allow open user registration so as to prevent the possibility of passwords being randomized.

2.6.2 also contains a handful of bug fixes.
Program Information

Category:
Internet and communication
Type:
Free


Version:
2.6.2
Size:

Works on:
/


Product page: here

Download: Wordpress 2.6.2





 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba