OpenX takes security seriously. Recently we became aware of a security issue with OpenX Source v. 2.8.10 (the open source ad serving product) whereby the binary distribution of v. 2.8.10 was compromised, and two of the files were replaced with two new modified files that contained a remote code execution vulnerability.


In response to this situation, we have released OpenX Source v. 2.8.11. OpenX Source v. 2.8.10 users should visit - http://forum.openx.org/index.php?showtopic=503521628 - for comprehensive instructions for remediation. This is a mandatory upgrade for all users of the OpenX Source v. 2.8.10 and should be applied immediately.


This vulnerability only applies to the free downloadable open source product, OpenX Source. Its important to note that all of OpenXs main suite of products, including OpenX Enterprise (ad serving), OpenX Market (exchange) and OpenX Lift (SSP) are not affected in any way and customers of those products should be advised that no action is necessary.


We are taking this opportunity to remind the OpenX Source community that its critical to the safe maintenance and operation of any software that you not only maintain a current version of the software, but also take steps to regularly audit accounts that have access to your system.


In accordance with our information security practices, a security advisory will be published. Users are encouraged to notify security@openx.com should they see any future security issues.


 






[img]http://feeds.feedburner.com/~ff/OpenadsBlog?i=kxvWsgUmPyc:39QyKcuoJxU:D7DqB2pKExk[/img]</img> [img]http://feeds.feedburner.com/~ff/OpenadsBlog?d=yIl2AUoC8zA[/img]</img> [img]http://feeds.feedburner.com/~ff/OpenadsBlog?i=kxvWsgUmPyc:39QyKcuoJxU:V_sGLiPBpWU[/img]</img> [img]http://feeds.feedburner.com/~ff/OpenadsBlog?d=7Q72WNTAKBA[/img]</img> [img]http://feeds.feedburner.com/~ff/OpenadsBlog?d=I9og5sOYxJI[/img]</img>
[img]http://feeds.feedburner.com/~r/OpenadsBlog/~4/kxvWsgUmPyc[/img]

View the full article

View the full article