Since we always strive to keep our community up to date on everything that’s going on at OpenX, we wanted to let you know about one particular project on which we’ve been actively working this week.
Two days ago, a series of potential vulnerabilities in the OpenX Ad Server were disclosed. Our engineers, in conjunction with our always-engaged open source community, have been working to resolve the situation quickly. We’re happy to report that, less than forty-eight hours after the disclosure, the problem is fixed and we’ve released new versions of both the 2.4 and 2.6 branches of the ad server, as well as OpenX Hosted. Both downloadable versions of the ad server, 2.4.10 and 2.6.4, are currently available on our download page.
We take security matters very seriously at OpenX and we know you do, too. By maintaining the security of our ad serving products, we’re able to continue to bring our vast community the comprehensive, customizable and free to use ad serving technology which you’ve come to expect. And, as ever, all of our work is part of our unceasing effort to provide you with a powerful way to control the advertising on your websites so that you can maximize your ad revenue.
To download the new versions, please click here. And, of course, if you should ever find any similar issues with any OpenX products, please let us know.
Details regarding the nature of the issues can be found in the release notes as well as in our forums.
Thanks for this release and for fixing the security bugs. OpenX is a great ad software; I have tweeted this news: twitter.com/tuxsoul
Greetings :-).
Comment by tuxsoul — January 29, 2009 @ 9:08 pm
Why do you say “two days ago” as the timetable at Secunia clearly states otherwise: http://secunia.com/secunia_research/2009-4/
20/01/2009 - Vendor notified (requested security contact).
20/01/2009 - Vendor informs that request has been passed on to engineering team.
And why don’t you even bother to post a link that explains these issues?
Comment by ville — January 30, 2009 @ 7:18 am
Have you also fixed the PEAR parser bug (XML_Parser: no element found at XML input line 1:0 ) that was reported in 2.6.0 but is still there in 2.6.3?
It is still in my error log and in Firefox 3 the page with the widgets doesn’t show up.
Comment by Tom — January 30, 2009 @ 8:36 am
OpenX version 2.6.4 released…
OpenX version 2.6.4 was released yesterday. This upgrade is a fix to a security problem that was reported earlier in the week. The OpenX blog has the full story.
Of course, with security issues it’s always important to upgrade all instances as qu…
Trackback by OpenX tips by Erik Geurts — January 30, 2009 @ 1:07 pm
@ville,
Unfortunately, the email was sent to an autoresponder that gets checked every week or so. We became aware of the issue on Tuesday, and released a patch 48 hours later. We do take security issues very seriously, and they immediately go to the ‘top of the list’ once we become aware of them.
I will edit the post and include the link to the original security bulletin - thanks for pointing this out.
Scott
Comment by Scott Switzer — January 30, 2009 @ 5:11 pm
A few weeks ago Google made a change in their URLs used for delivering AdSense ads. The result back then was that OpenX was no longer able to count clicks on AdSense ads.
OpenX have published a patch on the blog, and promised to put that patch into the next regular releases of OpenX:
http://blog.openx.org/12/google-adsense-click-tracking-patch/
However, the time pressure to release this security fix must have meant that the AdSense click tracking patch did not make it into OpenX 2.6.4. Anyone who has applied that patch for version 2.6.3 should do so again for version 2.6.4.
Comment by Erik Geurts — February 1, 2009 @ 2:23 pm
[...] of the OpenX project, an open ad server, have released patch versions fixing a number of vulnerabilities disclosed a few days ago by Secunia.com. Versions [...]
Pingback by Serwis Informacyjny Górowo.pl » Blog Archive » OpenX 2.6.4 patches discovered security vulnerabilities — February 2, 2009 @ 6:27 am
Thank you for the release and the bug fixes. I just upgraded my site.
Comment by David James — February 3, 2009 @ 1:18 pm
One of my sites was hacked recently because of this exploit in OpenX. The issues were found on Jan 20 and also blogged by several people before this announcement.
Comment by Viktor Hane — February 5, 2009 @ 10:02 pm
[...] on Jan. 29, OpenX announced in its own blog that it had released updates to address “a series of potential vulnerabilities of the OpenX Ad Server.” Developing [...]
Pingback by Deletium » Blog Archive » Multiple Serious Vulnerabilities in OpenX Ad Server — February 11, 2009 @ 3:37 am
This OPEN X ad aware web site just showed up on my computer and I want to know how to remove it. I have no use for it and it’s blocking me from logging onto a favorite website. It asks for an e-mail address and password and I have no idea what they want. Help me please.
Comment by karen patton — May 15, 2009 @ 7:08 am
I want to install this for my website http://www.miami-cheapflights.com, can you please let me know a resource or website where I can have step-by-step help on same. Thanks, John
Comment by cheap flights to miami — March 10, 2010 @ 11:45 am