=====================================================================
                            CERT-Renater

                Information Note No. 2008/VULN071
_____________________________________________________________________

DATE                 : 22/02/2008

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Invision Power Board.

======================================================================
http://forums.invisionpower.com/index.php?showtopic=269961
______________________________________________________________________

IP.Board 2.3.4 Security Enhancements

We are releasing a minor security update to address issues recently
reported regarding areas of IP.Board 2.3.4. These security issues are
rather low priority and the impact is minimal due to other security
features in the software.

Issue

Due to Internet Explorer's overly zealous and often ambitious parsing
engine, specifically crafted BBCodes can contain JavaScript. This issue
is mitigated due to the use of httpOnly cookies, which makes this more
of a nuisance than a genuine threat.

Patching Your IP.Board

The IP.Board 2.3.4 download in the client area has already been updated
with the required changes. If you download IP.Board after the date of
this announcement, your installation will be up to date.

Changed Files

Download the zip file below which includes only the changed files for
this update. Simply upload and overwrite the old files.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================