Not a developer? Go to MovableType.com

News

Movable Type 6.0.8 and 5.2.13 released to close security vulnerability

By Yuji Takayama
Posted April 14, 2015, in News.

We are releasing Movable Type 6.0.8 and 5.2.13 as mandatory security updates. These updates resolved security-related issue discovered in all previous versions of Movable Type 6 and Movable Type 5. We strongly recommend upgrading to the newest version.

Details of the security updates

In previous versions, including the Movable Type 6.0.6 and 5.2.11 are susceptible to Remote Code Execution vulnerability. It allows an attacker is able to run any perl script on the web server. (CVE-2015-0845)

Affected versions of Movable Type

  • Movable Type Pro 6.0.x
  • Movable Type Pro 5.2.x
  • Movable Type Open Source (MTOS) 5.2.x
  • Movable Type Advanced 6.0.x, 5.2.x

Steps required to close the security vulneravilities

Please upgrade to the latest versions of Movable Type:

  • Movable Type Pro 6.0.8
  • Movable Type Pro 5.2.13
  • Movable Type Open Source 5.2.13
  • Movable Type Advanced 6.0.8
  • Movable Type Advanced 5.2.13

Versions that are not affected

  • Movable Type Pro 6.1.1
  • Movable Type Advanced 6.1.1

Movable Type 6.1.1 is already solved this issue.

Warnings

Movable Type 5.0x and 5.1x has reached End of Life and is no longer supported. For users that are running any version of 5.0x and 5.1x, please upgrade to Movable Type 5.2.13, which is available at no additional charge to paid licensees of Movable Type 5 or users of Movable Type Open Source.

Availability of updated versions of Movable Type

Movable Type Pro / Advanced 6.0.8, Movable Type Pro, Advanced, and Enterprise 5.2.13 are available through the Movable Type Software Repository Server. That server is located at https://mtuser.sixapart.jp/en/.

Movable Type Open Source 5.2.13 are available on download site.

Back

Leave a Comment

Yuji Takayama

Yuji is the Movable Type Lead Engineer and Senior Product Manager. I’m worked on Six Apart from 2006.

Twitter: @yuji