Blogs / eZ / Security advisory, promptly patch your eZ Publish instances

Security advisory, promptly patch your eZ Publish instances

Thursday 25 March 2010 9:55:43 am

Currently 3 out of 5 Stars.
1
2
3
4
5

Today was released the EZSA-2010-001 security advisory, fixing a remote vulnerability in eZ Search. Please read carefully.

This advisory must be acknowledged immediately for any website running eZ Publish version from 3.7 to 4.2. The risk is reduced for website using eZ Find as search engine and the default search interfaces. It must otherwise be fixed promptly to fully remove the flaw.

The eZ Publish Premium instances were addressed, but all other instances must be handled manually, by applying a series of 3 patches.Find all details, plus patches here : http://ez.no/developer/security/security_advisories/ez_publish_4_2/ezsa_2010_001_remote_vulnerability_in_ez_search

EDIT :
Here are the official combined patches :

eZ Publish 4.1.4: SA_2010_001_combined_patch_41.diff
eZ Publish 4.2.0 : SA_2010_001_combined_patch_42.diff

Please note that the combined patch for eZ Publish 4.1.4 also applies to 4.0.7.

From the command line, applying the patch takes two steps, from eZ Publish's root :

First, simulate it :

$> patch --dry-run -p0 < SA_2010_001_combined_patch_41.diff

You should get a message like this :

patching file kernel/search/plugins/ezsearchengine/ezsearchengine.php
Hunk #1 succeeded at 586 (offset -3 lines).
Hunk #2 succeeded at 603 (offset -3 lines).
Hunk #3 succeeded at 673 (offset -3 lines).
patching file kernel/content/advancedsearch.php
Hunk #1 succeeded at 156 (offset 6 lines).

Then do apply it, if you received success messages like above (which may slightly vary) :

$> patch -p0 < SA_2010_001_combined_patch_41.diff

The patches will be committed to the public SVN repository soon. As for any Security Advisory, no further detail will be provided on the existing exploit methods and possible consequences. You are encouraged to acknowledge this Security Advisory seriously and take the appropriate actions.

Blog Post Discussion

Security advisory, promptly patch your eZ Publish instances

eZ debug

Timing:

Jan 17 2025 23:51:20

Script start

Timing:

Jan 17 2025 23:51:20

Module start 'content'

Timing:

Jan 17 2025 23:51:20

Module end 'content'

Timing:

Jan 17 2025 23:51:20

Script end

Main resources:

Total runtime

0.2244 sec

Peak memory usage

6,144.0000 KB

Database Queries

205

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0068	589.2969	180.8047
Module start 'content'	0.0068	0.0825	770.1016	488.8906
Module end 'content'	0.0893	0.1351	1,258.9922	406.8203
Script end	0.2243		1,665.8125

Checkpoint

Start (sec)

Duration (sec)

Memory at start (KB)

Memory used (KB)

Script start

0.0000

0.0068

589.2969

180.8047

Module start 'content'

0.0068

0.0825

770.1016

488.8906

Module end 'content'

0.0893

0.1351

1,258.9922

406.8203

Script end

0.2243

1,665.8125

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0039	1.7507	21	0.0002
Check MTime	0.0014	0.6230	21	0.0001
Mysql Total
Database connection	0.0008	0.3351	1	0.0008
Mysqli_queries	0.1481	65.9827	205	0.0007
Looping result	0.0018	0.7940	203	0.0000
Template Total	0.1999	89.1	2	0.0999
Template load	0.0019	0.8615	2	0.0010
Template processing	0.1979	88.1990	2	0.0990
Template load and register function	0.0001	0.0414	1	0.0001
states
state_id_array	0.0012	0.5498	3	0.0004
state_identifier_array	0.0012	0.5345	4	0.0003
Override
Cache load	0.0017	0.7384	27	0.0001
Sytem overhead
Fetch class attribute name	0.0016	0.7065	3	0.0005
Fetch class attribute can translate value	0.0008	0.3489	1	0.0008
class_abstraction
Instantiating content class attribute	0.0000	0.0028	3	0.0000
XML
Image XML parsing	0.0002	0.1092	1	0.0002
General
dbfile	0.0019	0.8524	22	0.0001
String conversion	0.0000	0.0037	3	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Accumulator

Duration (sec)

Duration (%)

Count

Average (sec)

Ini load

Load cache

0.0039

1.7507

0.0002

Check MTime

0.0014

0.6230

0.0001

Mysql Total

Database connection

0.0008

0.3351

0.0008

Mysqli_queries

0.1481

65.9827

205

0.0007

Looping result

0.0018

0.7940

203

0.0000

Template Total

0.1999

89.1

0.0999

Template load

0.0019

0.8615

0.0010

Template processing

0.1979

88.1990

0.0990

Template load and register function

0.0001

0.0414

0.0001

states

state_id_array

0.0012

0.5498

0.0004

state_identifier_array

0.0012

0.5345

0.0003

Override

Cache load

0.0017

0.7384

0.0001

Sytem overhead

Fetch class attribute name

0.0016

0.7065

0.0005

Fetch class attribute can translate value

0.0008

0.3489

0.0008

class_abstraction

Instantiating content class attribute

0.0000

0.0028

0.0000

XML

Image XML parsing

0.0002

0.1092

0.0002

General

dbfile

0.0019

0.8524

0.0001

String conversion

0.0000

0.0037

0.0000

Note: percentages do not add up to 100% because some accumulators overlap

CSS/JS files loaded with "ezjscPacker" during request:

Cache	Type	Packlevel	SourceFiles
	CSS	0	extension/community/design/community/stylesheets/ext/jquery.autocomplete.css extension/community_design/design/suncana/stylesheets/scrollbars.css extension/community_design/design/suncana/stylesheets/tabs.css extension/community_design/design/suncana/stylesheets/roadmap.css extension/community_design/design/suncana/stylesheets/content.css extension/community_design/design/suncana/stylesheets/star-rating.css extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css extension/community_design/design/suncana/stylesheets/buttons.css extension/community_design/design/suncana/stylesheets/tweetbox.css extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css extension/sevenx/design/simple/stylesheets/star_rating.css extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css extension/sevenx/design/simple/stylesheets/main.v02.css extension/sevenx/design/simple/stylesheets/main.v02.res.css
	JS	0	extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js extension/community_design/design/suncana/javascript/jquery.ui.core.min.js extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js extension/community_design/design/suncana/javascript/jquery.easing.1.3.js extension/community_design/design/suncana/javascript/jquery.ui.tabs.js extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js extension/community_design/design/suncana/javascript/jquery.popmenu.js extension/community_design/design/suncana/javascript/jScrollPane.js extension/community_design/design/suncana/javascript/jquery.mousewheel.js extension/community_design/design/suncana/javascript/jquery.cycle.all.js extension/sevenx/design/simple/javascript/jquery.scrollTo.js extension/community_design/design/suncana/javascript/jquery.cookie.js extension/community_design/design/suncana/javascript/ezstarrating_jquery.js extension/community_design/design/suncana/javascript/jquery.initboxes.js extension/community_design/design/suncana/javascript/app.js extension/community_design/design/suncana/javascript/twitterwidget.js extension/community_design/design/suncana/javascript/community.js extension/community_design/design/suncana/javascript/roadmap.js extension/community_design/design/suncana/javascript/ez.js extension/community_design/design/suncana/javascript/ezshareevents.js extension/sevenx/design/simple/javascript/main.js

Cache

Type

Packlevel

SourceFiles

CSS

extension/community/design/community/stylesheets/ext/jquery.autocomplete.css
extension/community_design/design/suncana/stylesheets/scrollbars.css
extension/community_design/design/suncana/stylesheets/tabs.css
extension/community_design/design/suncana/stylesheets/roadmap.css
extension/community_design/design/suncana/stylesheets/content.css
extension/community_design/design/suncana/stylesheets/star-rating.css
extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css
extension/community_design/design/suncana/stylesheets/buttons.css
extension/community_design/design/suncana/stylesheets/tweetbox.css
extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css
extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css
extension/sevenx/design/simple/stylesheets/star_rating.css
extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css
extension/sevenx/design/simple/stylesheets/main.v02.css
extension/sevenx/design/simple/stylesheets/main.v02.res.css

extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js
extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js
extension/community_design/design/suncana/javascript/jquery.ui.core.min.js
extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js
extension/community_design/design/suncana/javascript/jquery.easing.1.3.js
extension/community_design/design/suncana/javascript/jquery.ui.tabs.js
extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js
extension/community_design/design/suncana/javascript/jquery.popmenu.js
extension/community_design/design/suncana/javascript/jScrollPane.js
extension/community_design/design/suncana/javascript/jquery.mousewheel.js
extension/community_design/design/suncana/javascript/jquery.cycle.all.js
extension/sevenx/design/simple/javascript/jquery.scrollTo.js
extension/community_design/design/suncana/javascript/jquery.cookie.js
extension/community_design/design/suncana/javascript/ezstarrating_jquery.js
extension/community_design/design/suncana/javascript/jquery.initboxes.js
extension/community_design/design/suncana/javascript/app.js
extension/community_design/design/suncana/javascript/twitterwidget.js
extension/community_design/design/suncana/javascript/community.js
extension/community_design/design/suncana/javascript/roadmap.js
extension/community_design/design/suncana/javascript/ez.js
extension/community_design/design/suncana/javascript/ezshareevents.js
extension/sevenx/design/simple/javascript/main.js

Templates used to render the page:

Usage	Requested template	Template	Template loaded
1	node/view/full.tpl	blog_entry/full.tpl	extension/community_design/design/suncana/override/templates/blog_entry/full.tpl
2	content/datatype/view/ezxmltext.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tpl
8	content/datatype/view/ezxmltags/paragraph.tpl	<No override>	extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tpl
1	content/datatype/view/ezxmltags/link.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/link.tpl
1	content/datatype/view/ezxmltags/line.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/line.tpl
2	content/datatype/view/ezxmltags/embed-inline.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/embed-inline.tpl
2	content/view/embed-inline.tpl	<No override>	design/standard/templates/content/view/embed-inline.tpl
2	content/datatype/view/ezxmltags/li.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/li.tpl
1	content/datatype/view/ezxmltags/ul.tpl	<No override>	design/standard/templates/content/datatype/view/ezxmltags/ul.tpl
3	content/datatype/view/ezxmltags/literal.tpl	<No override>	extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tpl
1	content/datatype/view/ezkeyword.tpl	<No override>	extension/community_design/design/suncana/templates/content/datatype/view/ezkeyword.tpl
1	pagelayout.tpl	<No override>	extension/sevenx/design/simple/templates/pagelayout.tpl
Number of times templates used: 25 Number of unique templates used: 12

Usage

Requested template

Template

Template loaded

Edit

Override

node/view/full.tpl

blog_entry/full.tpl

extension/community_design/design/suncana/override/templates/blog_entry/full.tpl