Security updates

[20180601] - Core - Local File Inclusion with PHP 5.3

Joomla Security Centre - Tue, 26/06/2018 - 15:30
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.8.8
  • Exploit type: LFI
  • Reported Date: 2018-April-23
  • Fixed Date: 2018-June-26
  • CVE Number: CVE-2018-12712
Description

Our autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3 this function validates invalid names as valid, which can result in a Local File Inclusion.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.8

Solution

Upgrade to version 3.8.9

Contact

The JSST at the Joomla! Security Centre.

Reported By: Davide Tampellini

DSA-4234 lava-server

Debian Security - Fri, 22/06/2018 - 00:00
security update

DSA-4233 bouncycastle

Debian Security - Fri, 22/06/2018 - 00:00
security update

DSA-4232 xen

Debian Security - Wed, 20/06/2018 - 00:00
security update

DSA-4231 libgcrypt20

Debian Security - Sun, 17/06/2018 - 00:00
security update

DSA-4230 redis

Debian Security - Sun, 17/06/2018 - 00:00
security update

DSA-4229 strongswan

Debian Security - Thu, 14/06/2018 - 00:00
security update

DSA-4228 spip

Debian Security - Thu, 14/06/2018 - 00:00
security update

DSA-4227 plexus-archiver

Debian Security - Tue, 12/06/2018 - 00:00
security update

DSA-4226 perl

Debian Security - Tue, 12/06/2018 - 00:00
security update

DSA-4225 openjdk-7

Debian Security - Sun, 10/06/2018 - 00:00
security update

DSA-4220 firefox-esr

Debian Security - Fri, 08/06/2018 - 00:00
security update

DSA-4224 gnupg

Debian Security - Fri, 08/06/2018 - 00:00
security update

DSA-4223 gnupg1

Debian Security - Fri, 08/06/2018 - 00:00
security update

DSA-4222 gnupg2

Debian Security - Fri, 08/06/2018 - 00:00
security update

DSA-4221 libvncserver

Debian Security - Fri, 08/06/2018 - 00:00
security update

DSA-4219 jruby

Debian Security - Fri, 08/06/2018 - 00:00
security update

DSA-4218 memcached

Debian Security - Wed, 06/06/2018 - 00:00
security update

DSA-4217 wireshark

Debian Security - Sun, 03/06/2018 - 00:00
security update

DSA-4216 prosody

Debian Security - Sat, 02/06/2018 - 00:00
security update