Mambo forums

Security Alert - please read!

This is a discussion on Security Alert - please read! within the Mambo Security Announcements forums for Mambo.

11-01-2008, 05:29 AM   #1
Elpie
Mambo Guru
Forum Admin
 
Join Date: Jul 2006
Location: New Zealand
Posts: 9,964
Security Alert - please read!

Earlier today, Team Mambo was alerted to a security vulnerability in the search component and module that generates a large number of queries if certain strings are input. This creates a major impact on the server's available resources and can lead to the site going down. While we intend to have two new releases out within this next week, the search vulnerability is of enough concern that we have just released a patch.

This vulnerability affects all versions of Mambo. It may also affect other CMS that are based on the Mambo code.

If you are using Mambo 4.5.5, please go here and download the patch file:
http://mambo-code.org/gf/download/fr...earchPatch.zip


For all versions of Mambo 4.6, please download this file:
http://mambo-code.org/gf/download/fr...earchPatch.zip

This is not an upgrade. The files contained in the release will overwrite and replace existing files. To install, either unzip locally and upload via ftp, or upload the patch and unzip on your server through your server control panel, such as cPanel.

We urge all Mambo users to apply this patch as soon as possible.

Last edited by ocs; 12-01-2008 at 05:07 AM. Reason: updated links
11-01-2008, 05:56 AM   #2
Elpie
Re: Security Alert - please read!

Stand by for an update on the download links...
We hit a snag with getting them on the forge and will be updating the links in just a few minutes.

Thank you for your patience. The links to the downloads are now correct.
__________________
Mambo Tutorials on: http://lynnepope.net/topics/mambo-tutorials
Follow me: http://twitter.com/elpie
Elpie needs your help: http://lynnepope.net/need-your-help

Last edited by Elpie; 11-01-2008 at 06:00 AM.
12-01-2008, 05:10 AM   #3
ocs
Mambo User
 
Join Date: Mar 2007
Location: Los Angeles, CA
Posts: 1,435
Re: Security Alert - please read!

Just updated the file again, because there was a "debug" message stuck in the 4.6 patch.

You can either browse the package at
http://mambo-code.org/gf/project/mam..._package_id=93


or grab it directly: http://mambo-code.org/gf/download/fr...earchPatch.zip

Last edited by ocs; 12-01-2008 at 05:23 AM.