If you are using WordPress, make sure to upgrade it now. The version 3.1.3 was just released with a few security fixes:
* Various security hardening by Alexander Concha.
* Taxonomy query hardening by John Lamansky.
* Prevent sniffing out user names of non-authors by using canonical redirects. Props Veronica Valeros.
* Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
* Improves file upload security on hosts with dangerous security settings.
* Cleans up old WordPress import files if the import does not finish.
* Introduce “clickjacking” protection in modern browsers on admin and login pages.
You can download the new version here or just follow their automated (very simple) update process.. Those were all the files changed from 3.1.2 to 3.1.3:
Files wordpress-3.1.2/readme.html and wordpress-3.1.3/readme.html differ
Files wordpress-3.1.2/wp-admin/admin-ajax.php and wordpress-3.1.3/wp-admin/admin-ajax.php differ
Files wordpress-3.1.2/wp-admin/custom-background.php and wordpress-3.1.3/wp-admin/custom-background.php differ
Files wordpress-3.1.2/wp-admin/custom-header.php and wordpress-3.1.3/wp-admin/custom-header.php differ
Files wordpress-3.1.2/wp-admin/includes/class-wp-plugins-list-table.php and wordpress-3.1.3/wp-admin/includes/class-wp-plugins-list-table.php differ
Files wordpress-3.1.2/wp-admin/includes/import.php and wordpress-3.1.3/wp-admin/includes/import.php differ
Files wordpress-3.1.2/wp-admin/includes/media.php and wordpress-3.1.3/wp-admin/includes/media.php differ
Files wordpress-3.1.2/wp-admin/includes/post.php and wordpress-3.1.3/wp-admin/includes/post.php differ
Files wordpress-3.1.2/wp-admin/includes/template.php and wordpress-3.1.3/wp-admin/includes/template.php differ
Files wordpress-3.1.2/wp-admin/includes/update-core.php and wordpress-3.1.3/wp-admin/includes/update-core.php differ
Files wordpress-3.1.2/wp-admin/ms-delete-site.php and wordpress-3.1.3/wp-admin/ms-delete-site.php differ
Files wordpress-3.1.2/wp-admin/plugins.php and wordpress-3.1.3/wp-admin/plugins.php differ
Files wordpress-3.1.2/wp-admin/press-this.php and wordpress-3.1.3/wp-admin/press-this.php differ
Files wordpress-3.1.2/wp-app.php and wordpress-3.1.3/wp-app.php differ
Files wordpress-3.1.2/wp-includes/canonical.php and wordpress-3.1.3/wp-includes/canonical.php differ
Files wordpress-3.1.2/wp-includes/class-oembed.php and wordpress-3.1.3/wp-includes/class-oembed.php differ
Files wordpress-3.1.2/wp-includes/default-filters.php and wordpress-3.1.3/wp-includes/default-filters.php differ
Files wordpress-3.1.2/wp-includes/formatting.php and wordpress-3.1.3/wp-includes/formatting.php differ
Files wordpress-3.1.2/wp-includes/functions.php and wordpress-3.1.3/wp-includes/functions.php differ
Files wordpress-3.1.2/wp-includes/meta.php and wordpress-3.1.3/wp-includes/meta.php differ
Files wordpress-3.1.2/wp-includes/post.php and wordpress-3.1.3/wp-includes/post.php differ
Files wordpress-3.1.2/wp-includes/query.php and wordpress-3.1.3/wp-includes/query.php differ
Files wordpress-3.1.2/wp-includes/taxonomy.php and wordpress-3.1.3/wp-includes/taxonomy.php differ
Files wordpress-3.1.2/wp-includes/theme.php and wordpress-3.1.3/wp-includes/theme.php differ
Files wordpress-3.1.2/wp-includes/version.php and wordpress-3.1.3/wp-includes/version.php differ
Files wordpress-3.1.2/wp-login.php and wordpress-3.1.3/wp-login.php differ
Remember, the first step for a secure site, is an updated site! We also recommend the following WordPress security plugin if you want to harden your WordPress install: http://sucuri.net/wordpress-security-monitoring.
Leave a reply
