FreeBSD Security Update(s) Issued

A couple patches were released for FreeBSD to address various security vulnerabilities and it is recommended that you update as soon as possible.

Official Links:

https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc

https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc

Please look at the affected versions under each security advisory to determine if you are impacted and need to take any action.

vBSEO Possible Exploit

vBulletin has notified that there is a possible exploit in vBSEO. Given that the software is no longer being developed, you will have to manually apply the fix:

vbseo/includes/functions_vbseo_hook.php:

if(isset($_REQUEST[‘ajax’]) && isset($_SERVER[‘HTTP_REFERER’]))
$permalinkurl = $_SERVER[‘HTTP_REFERER’].$permalinkurl;

Should be changed to:

// if(isset($_REQUEST[‘ajax’]) && isset($_SERVER[‘HTTP_REFERER’]))
// $permalinkurl = $_SERVER[‘HTTP_REFERER’].$permalinkurl;

Ongoing Discussion via WHT:

http://www.webhostingtalk.com/showthread.php?t=1444268