Security updates

[20180803] - Core - ACL Violation in custom fields

Joomla Security Centre - Sun, 26/08/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.7.0 through 3.8.11
  • Exploit type: ACL Violation
  • Reported Date: 2018-July-10
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15881

Description

Inadequate checks regarding disabled fields can lead to an ACL violation.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Elisa Foltyn, COOLCAT CREATIONS

[20180802] - Core - Stored XSS vulnerability in the frontend profile

Joomla Security Centre - Sun, 26/08/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 1.5.0 through 3.8.11
  • Exploit type: XSS
  • Reported Date: 2018-July-10
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15880

Description

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Roland Dalmulder, Perfect Web Team

[20180801] - Core - Hardening the InputFilter for PHAR stubs

Joomla Security Centre - Sun, 26/08/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 1.5.0 through 3.8.11
  • Exploit type: Malicious file upload
  • Reported Date: 2018-August-23
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15882

Description

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Davide Tampellini

DSA-4280 openssh

Debian Security - Wed, 22/08/2018 - 00:00
security update

DSA-4279 linux

Debian Security - Mon, 20/08/2018 - 00:00
security update

DSA-4278 jetty9

Debian Security - Sun, 19/08/2018 - 00:00
security update

DSA-4277 mutt

Debian Security - Fri, 17/08/2018 - 00:00
security update

DSA-4276 php-horde-image

Debian Security - Fri, 17/08/2018 - 00:00
security update

DSA-4275 keystone

Debian Security - Thu, 16/08/2018 - 00:00
security update

DSA-4274 xen

Debian Security - Thu, 16/08/2018 - 00:00
security update

DSA-4273 intel-microcode

Debian Security - Thu, 16/08/2018 - 00:00
security update

DSA-4272 linux

Debian Security - Tue, 14/08/2018 - 00:00
security update

DSA-4271 samba

Debian Security - Tue, 14/08/2018 - 00:00
security update

DSA-4270 gdm3

Debian Security - Mon, 13/08/2018 - 00:00
security update

DSA-4269 postgresql-9.6

Debian Security - Fri, 10/08/2018 - 00:00
security update

DSA-4268 openjdk-8

Debian Security - Fri, 10/08/2018 - 00:00
security update

DSA-4267 kamailio

Debian Security - Wed, 08/08/2018 - 00:00
security update

DSA-4266 linux

Debian Security - Mon, 06/08/2018 - 00:00
security update

DSA-4265 xml-security-c

Debian Security - Sun, 05/08/2018 - 00:00
security update

DSA-4264 python-django

Debian Security - Sun, 05/08/2018 - 00:00
security update