WordPress 2.6.2 released for security reasons

Sep 09, 2008

Free blog software WordPress notifies of a security update in its 2.6.2 version.

The WordPress security breaches were discoverd by Stefan Esser. They are based partly on SQL column truncation and partly on the weakness of the mt_rand() function. These breaches are especially noticeable if open registration is allowed on the blog. An immediate WordPress upgrade is recommended for such blogs.

As the developers make clear in their announcement, it is possible in WordPress to reset another user's password. Taken alone this may be a mere annoyance to users, but combined with the weakness of the mt_rand() function there is a risk that the randomly generated password can be predicted. The discoverer of this security breach will release details soon. Possible other PHP applications are susceptible, according to the WordPress Blog. The project recommends a patch, but certainly an upgrade to 2.6.2 in case open user registration is enabled. The upgrade also includes a number of bug fixes.

Related content

comments powered by Disqus

Issue 237/2020

Buy this issue as a PDF

Digital Issue: Price $12.99
(incl. VAT)

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source