=====================================================================

                           CERT-Renater

               Note d'Information No. 2013/VULN475
_____________________________________________________________________

DATE                : 23/10/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Windows running Simple Machines Forum versions
                            1.1.x , 2.0.x prior to 1.1.19, 2.0.6.

======================================================================
http://www.simplemachines.org/community/index.php?topic=512964.0
______________________________________________________________________

 SMF 1.1.19 and 2.0.6 critical security patches released
« on: October 21, 2013, 10:18:01 AM »

Dear users,

Simple Machines Forum has released security patches to both the 1.1.x
and the 2.0.x release lines. This brings our released versions to SMF
1.1.19 and SMF 2.0.6.

Several security issues were identified in both release lines and have
been addressed with this patch.  It is, therefore, recommended that you
update your forums immediately to ensure that your community is safe.
In addition to the security patches, a few bug fixes for the SMF 2.0
line have also been included in the 2.0.6 patch.

If you are running version 2.0.5, you can update your forum to version
2.0.6 using the package manager. As usual, you should see the upgrade
notification in the Admin panel and in the package manager, which will
allow you to download and install the patch seamlessly.  If you don't
see the notification about the update, please run the scheduled task
"Fetch Simple Machines files".  You can also download the patch for
2.0.6 from the customize site by downloading the :
smf_patch_1.1.19_2.0.6.tar.gz patch file, and then installing it from
the package manager, like any other mod package.

If you are running 1.1.18, you can update to 1.1.19 by using the
smf_patch_1.1.19_2.0.6.tar.gz patch file and installing it via the
package manager as well.  If you are still using 1.1.x branch, please
be aware this may be one of the last patches released for this version,
so you are strongly urged to upgrade to 2.0.6, in order to be able to
continue to receive security upgrades to your forum.

If you use older versions of SMF, you can upgrade by using the full
upgrade archive for version 2.0.6 from the downloads page. Be aware
that using this upgrade method will require you to reinstall your mods
with ones designed for the 2.0.x line

You can also view the change log for the latest release, as usual, on
the downloads page.

If you are having problems downloading the patch from the admin panel,
you can download the package from the upgrade patches page and install
it like a mod, as instructed above.

Please refer to the Online Manual for more details about:
* upgrading
* patching

Please do not use this topic for support requests.  You will receive a
much quicker and better response by posting in the relevant support
board!

Thank you for using SMF! :)


Regards,
Simple Machines Forum



=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================