In urma cu aproximativ 14 ore WordPress.org au dat un anunt prin care avertizeaza ca versiunea wordpress 2.1.1 disponibila la download pe serverul lor in ultimile 3-4 zile are fisiere ce contin un ausbeuten. Din cate spun ei cracker-ul ar fi fost o persoana cu access la serverul wordpress.org , acest lucru permitandu`i sa modifice doua fisiere. Irelevant acum cine a fost crackerul. Important este ca toti care au descarcat si instalat wp. 2.1.1 in ultimile zile sa-si faca upgrade urgent.
Nu vreau sa ma gandesc cati bloggeri trebuie sa faca upgrade urgent la noua versiune 2.1.2.
If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
….
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.
Quelle: WordPress.org
