Thursday 25 March 2010 9:55:43 am
By : Nicolas Pastorino
Today was released the EZSA-2010-001 security advisory, fixing a remote vulnerability in eZ Search. Please read carefully.
This advisory must be acknowledged immediately for any website running eZ Publish version from 3.7 to 4.2. The risk is reduced for website using eZ Find as search engine and the default search interfaces. It must otherwise be fixed promptly to fully remove the flaw.
The eZ Publish Premium instances were addressed, but all other instances must be handled manually, by applying a series of 3 patches.Find all details, plus patches here : http://ez.no/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search
EDIT :
Here are the official combined patches :
Please note that the combined patch for eZ Publish 4.1.4 also applies to 4.0.7.
From the command line, applying the patch takes two steps, from eZ Publish's root :
First, simulate it :
$> patch --dry-run -p0 < SA_2010_001_combined_patch_41.diff
You should get a message like this :
patching file kernel/search/plugins/ezsearchengine/ezsearchengine.php Hunk #1 succeeded at 586 (offset -3 lines). Hunk #2 succeeded at 603 (offset -3 lines). Hunk #3 succeeded at 673 (offset -3 lines). patching file kernel/content/advancedsearch.php Hunk #1 succeeded at 156 (offset 6 lines).
Then do apply it, if you received success messages like above (which may slightly vary) :
$> patch -p0 < SA_2010_001_combined_patch_41.diff
The patches will be committed to the public SVN repository soon. As for any Security Advisory, no further detail will be provided on the existing exploit methods and possible consequences. You are encouraged to acknowledge this Security Advisory seriously and take the appropriate actions.