===================================================================== CERT-Renater Note d'Information No. 2010/VULN264 _____________________________________________________________________ DATE : 27/07/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running vBulletin version 3.8.6. ====================================================================== http://www.vbulletin.com/forum/showthread.php?357818-Security-Patch-Release-3.8.6-PL1 ______________________________________________________________________ Security Patch Release 3.8.6 PL1 It has come to our attention that 3.8.6 contains a security exploit related to the FAQ. If you have already installed vB 3.8.6, then follow these instructions in order to fix this: 1. First, download the 3.8.6 PL1 patch here: http://members.vbulletin.com/patches.php 2. Delete the existing vbulletin-language.xml file from your 'install' directory. Then upload the new one to that directory. Make sure you upload this in ASCII format. 3. Next upload the two files in that patch: includes/version_vbulletin.php install/vbulletin-language.xml 4. Go into your Admin CP and run this: Admin CP -> Languages & Phrases -> Download/Upload Languages -> Import Language XML File Then leave the settings as they are and click on Import. Also please note that if you have not upgraded to 3.8.6 yet, the download has already been patched. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================