Jay
MR-Disabled
Über Jedi
 Offline
Posts: 1560
|
 |
« on: February 28, 2006, 11:08:21 AM » |
|
Hey there everyone, If you are using Mambo CMS Please note the following:Currently, Version 4.5.3h is available in Fantastico, however, due to a recent security flaw in the Mambo CMS version available through CPanel's Fantastico Scripts, we will be disabling the installer until the security update has been included through Fantastico. Here's the quickest way to patch your Mambo CMS to comply with the recent security update. 1. Go here --> http://secunia.com/advisories/18935/ to read more about it. 2. "Go to Mamboforge for the Security Update"Depending on the version you have enabled you'll need the patch for either version 4.5.3 or version 4.5.3h. If you have Version 4.5.3 installed, download:[li] MamboV4.5.3_SecurityPatch1.zip[/li] [/list] If you have Version 4.5.3h installed, download:[li] MamboV4.5.3h_SecurityPatch1.zip[/li] [/list] 3. Extract the .zip file to your Desktop. There will be two folders components and includesFrom here we will now install these two files to your account: FIRST:- open the components folder, to find the com_content folder
- open the com_content folder, where you will find the content.php file
- upload the new content.php file to your account, replacing the existing content.php file. (It is located in your mambo directory under /components/com_content/)
NEXT:- open the includes folder, to find the mambo.php file
- upload the new mambo.php file to your account, replacing the existing mambo.php file (located in your mambo directory under /includes/)
Once all that is done, everything should be secured. If you require assistance with this, please be sure to post back here, or post up on the Mamboserver forums -> http://forum.mamboserver.com/The following Thread should be of assistance: http://forum.mamboserver.com/showthread.php?t=73494I hope this helps. - Jay |
|
|
|
« Last Edit: February 28, 2006, 11:13:56 AM by Jay »
|
Logged
|
|
|
|
|
RAT
|
 |
« Reply #1 on: February 28, 2006, 11:54:55 AM » |
|
What about 4.5.1a Stable  RAT |
|
|
|
|
Logged
|
|
|
|
Jay
MR-Disabled
Über Jedi
Offline
Posts: 1560
|
|
« Reply #2 on: February 28, 2006, 12:44:34 PM » |
|
There's the option to upgrade to the most recent version 4.5.3h, and then apply the patch. Or visit the following thread at the Mambo forums: http://forum.mamboserver.com/showthread.php?t=73494any additional assistance, for older versions would need to be obtained through Mambo forums. - Jay |
|
|
|
|
Logged
|
|
|
|
|
RAT
|
|
« Reply #3 on: February 28, 2006, 03:41:56 PM » |
|
So those detailed changes found at the link you gave above are recommended for earlier versions such as mine ? I dont like fixing things that arent broken, so what is recommended of my version, I have customizations and bridges etc,,, ??
RAT
|
|
|
|
|
Logged
|
|
|
|
|
minotaur
|
|
« Reply #4 on: March 03, 2006, 07:30:51 AM » |
|
Have you any guidance re installations of Joomla (fork of Mambo)? I have Joomla 1.0.8 and 1.0.7 running on Lunarpages servers. These are NOT Mambo 4.5 Stable 1.0.8 or 1.0.7 (Joomla has a new numbering series).
Also, are there specific components and/or modules and/or mambots that are vulnerable?
The list that I received via email from Lunarpages indicated Phil-A-forms and TFSMambo are among the vulnerable components. Comment?
|
|
|
|
|
Logged
|
|
|
|
|
RAT
|
|
« Reply #5 on: March 03, 2006, 10:49:46 AM » |
|
So those detailed changes found at the link you gave above are recommended for earlier versions such as mine ? I dont like fixing things that arent broken, so what is recommended of my version, I have customizations and bridges etc,,, ??
Have you any guidance re installations of Joomla (fork of Mambo)? I have Joomla 1.0.8 and 1.0.7 running on Lunarpages servers. These are NOT Mambo 4.5 Stable 1.0.8 or 1.0.7 (Joomla has a new numbering series).
Also, are there specific components and/or modules and/or mambots that are vulnerable?
The list that I received via email from Lunarpages indicated Phil-A-forms and TFSMambo are among the vulnerable components. Comment? Anyone ? |
|
|
|
|
Logged
|
|
|
|
|
|
Jay
MR-Disabled
Über Jedi
Offline
Posts: 1560
|
|
« Reply #7 on: March 03, 2006, 01:31:36 PM » |
|
Joomla customers will be fine provided they're using the latest versions  The notifications that you may have received is sent as a courtesy reminder to ensure you have the latest security updates installed. - Jay |
|
|
|
|
Logged
|
|
|
|
|
Rowan
|
|
« Reply #8 on: March 03, 2006, 04:28:59 PM » |
|
Thats for the email, i had been meaning to upgrade for a while!
There used to be an option in fantastico to convert mambo->joomla, what happened to that?
|
|
|
|
|
Logged
|
|
|
|
|
pimster
|
|
« Reply #9 on: March 03, 2006, 06:35:46 PM » |
|
I'm using 4.5.2.3 and need to go to 4.5.3. The problem I had when doing this on a test server (not at LunarPages) was a conflict between gzip and ob_gzhandler. Evidently, this is a known PHP bug. The result is your content doesn't show.
But has anyone run into similar issues after ugrading to 4.5.3h?
|
|
|
|
|
Logged
|
|
|
|
|
pimster
|
|
« Reply #10 on: March 05, 2006, 06:56:46 PM » |
|
The nice about rainy weekends is you can get caught up on projects. Updating Mambo was one of them.
As mentioned earlier, I was hesitant to go from 4.5.2.3 to 4.5.3h because I ran into a conflict on another test server. And no, it wasn't hosted by LunarPages. Because this update was security related I figured I should do it anyway.
I backed up all my production files using CuteFTP to my notebook. I then did a compare between the upgrade files and new files using Beyond Compare. There were about 4 files I had customized and I wanted to fold my changed back in. Files like footer.php and english.php.
I then uploaded the 4.5.3h files back to LunarPages. Success! I then installed the security patch which was only 2 files or so.
If you were concerned like I was about the Gzip conflict, I think you're OK.
|
|
|
|
|
Logged
|
|
|
|
Thrasher
Newbie
Offline
Posts: 3
|
|
« Reply #11 on: March 06, 2006, 01:13:14 AM » |
|
Thats for the email, i had been meaning to upgrade for a while!
There used to be an option in fantastico to convert mambo->joomla, what happened to that?
I'd like to know this as well because I also want to upgrade from mambo to joomla. |
|
|
|
|
Logged
|
|
|
|
Jay
MR-Disabled
Über Jedi
Offline
Posts: 1560
|
|
« Reply #12 on: March 06, 2006, 05:06:29 AM » |
|
that option may not be available as Mambo is not available for install through Fantastico at this time.
Once the Mambo security patch is included with Fantastico, I'm sure Mambo, and the Mambo -> Joomla conversion option will be available once again.
- Jay
|
|
|
|
|
Logged
|
|
|
|
Thrasher
Newbie
Offline
Posts: 3
|
|
« Reply #13 on: March 06, 2006, 07:40:39 AM » |
|
I hope you're right, because all components I use are leaving Mambo behind and will only support Joomla. If the Mambo -> Joomla conversion option has been disabled temporarily then why is the upgrade to 4.5.3h option still present in fantastico? |
|
|
|
|
Logged
|
|
|
|
Jay
MR-Disabled
Über Jedi
Offline
Posts: 1560
|
|
« Reply #14 on: March 06, 2006, 07:48:48 AM » |
|
what server are you on?
- Jay
|
|
|
|
|
Logged
|
|
|
|
|
