Security updates

DSA-4040 imagemagick

Debian Security - Fri, 17/11/2017 - 00:00
security update

DSA-4039 opensaml2

Debian Security - Thu, 16/11/2017 - 00:00
security update

DSA-4038 shibboleth-sp2

Debian Security - Thu, 16/11/2017 - 00:00
security update

DSA-4037 jackson-databind

Debian Security - Thu, 16/11/2017 - 00:00
security update

DSA-4036 mediawiki

Debian Security - Wed, 15/11/2017 - 00:00
security update

DSA-4035 firefox-esr

Debian Security - Wed, 15/11/2017 - 00:00
security update

DSA-4034 varnish

Debian Security - Wed, 15/11/2017 - 00:00
security update

DSA-4033 konversation

Debian Security - Mon, 13/11/2017 - 00:00
security update

DSA-4032 imagemagick

Debian Security - Sun, 12/11/2017 - 00:00
security update

DSA-4031 ruby2.3

Debian Security - Sat, 11/11/2017 - 00:00
security update

DSA-4030 roundcube

Debian Security - Thu, 09/11/2017 - 00:00
security update

DSA-4029 postgresql-common

Debian Security - Thu, 09/11/2017 - 00:00
security update

DSA-4028 postgresql-9.6

Debian Security - Thu, 09/11/2017 - 00:00
security update

DSA-4027 postgresql-9.4

Debian Security - Thu, 09/11/2017 - 00:00
security update

DSA-4026 bchunk

Debian Security - Thu, 09/11/2017 - 00:00
security update

DSA-4025 libpam4j

Debian Security - Wed, 08/11/2017 - 00:00
security update

DSA-4024 chromium-browser

Debian Security - Wed, 08/11/2017 - 00:00
security update

[20171103] - Core - Information Disclosure

Joomla Security Centre - Tue, 07/11/2017 - 16:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.7.0 through 3.8.1
  • Exploit type: Information Disclosure
  • Reported Date: 2017-May-17
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-16633

Description

A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Internal JSST audit

[20171102] - Core - 2-factor-authentication bypass

Joomla Security Centre - Tue, 07/11/2017 - 16:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 3.2.0 through 3.8.1
  • Exploit type: 
  • Reported Date: 2017-October-31
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-16634

Description

A bug allowed third parties to bypass a user's 2-factor-authentication method.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Yarince

[20171101] - Core - LDAP Information Disclosure

Joomla Security Centre - Tue, 07/11/2017 - 16:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 1.5.0 through 3.8.1
  • Exploit type: Information Disclosure
  • Reported Date: 2017-October-06
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-14596

Description

Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH