Security updates

DSA-4321 graphicsmagick

Debian Security - Tue, 16/10/2018 - 00:00
security update

DSA-4320 asterisk

Debian Security - Tue, 16/10/2018 - 00:00
security update

DSA-4319 spice

Debian Security - Mon, 15/10/2018 - 00:00
security update

DSA-4318 moin

Debian Security - Mon, 15/10/2018 - 00:00
security update

DSA-4317 otrs2

Debian Security - Sun, 14/10/2018 - 00:00
security update

DSA-4316 imagemagick

Debian Security - Fri, 12/10/2018 - 00:00
security update

DSA-4315 wireshark

Debian Security - Fri, 12/10/2018 - 00:00
security update

DSA-4314 net-snmp

Debian Security - Thu, 11/10/2018 - 00:00
security update

[20181005] - Core - CSRF hardening in com_installer

Joomla Security Centre - Tue, 09/10/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 2.5.0 through 3.8.12
  • Exploit type: CSRF
  • Reported Date: 2018-September-26
  • Fixed Date: 2018-October-02
  • CVE Number: CVE-2018-17858

Description

Added additional CSRF hardening in com_installer actions in the backend.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Reported By: Raviraj A. Powar

[20181004] - Core - ACL Violation in com_users for the admin verification

Joomla Security Centre - Tue, 09/10/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 1.5.0 through 3.8.12
  • Exploit type: ACL Violation
  • Reported Date: 2017-December-27
  • Fixed Date: 2018-October-02
  • CVE Number: CVE-2018-17855

Description

If an attacker gains access to the mail account of a user who can approve admin verifications in the registration process, he can activate himself.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Reported By: Paul Freeman

[20181003] - Core - Access level Violation in com_tags

Joomla Security Centre - Tue, 09/10/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.1.0 through 3.8.12
  • Exploit type: ACL Violation
  • Reported Date: 2018-June-20
  • Fixed Date: 2018-October-02
  • CVE Number: CVE-2018-17857

Description

Inadequate checks on the tags search fields can lead to an access level violation.

Affected Installs

Joomla! CMS versions 3.1.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Reported By: Андрей Капитанов

[20181002] - Core - Inadequate default access level for com_joomlaupdate

Joomla Security Centre - Tue, 09/10/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 2.5.4 through 3.8.12
  • Exploit type: Object Injection
  • Reported Date: 2018-June-21
  • Fixed Date: 2018-October-02
  • CVE Number: CVE-2018-17856

Description

Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL config allowed Administrator-level users to access com_joomlaupdate and trigger code execution.

Affected Installs

Joomla! CMS versions 2.5.4 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Reported By: Codesafescan

[20181001] - Core - Hardening com_contact contact form

Joomla Security Centre - Tue, 09/10/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 2.5.0 through 3.8.12
  • Exploit type: Incorrect Access Control
  • Reported Date: 2018-September-17
  • Fixed Date: 2018-October-02
  • CVE Number: CVE-2018-17859

Description

Inadequate checks in com_contact could allow mail submission in disabled forms.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin (JSST)

DSA-4313 linux

Debian Security - Mon, 08/10/2018 - 00:00
security update

DSA-4312 tinc

Debian Security - Mon, 08/10/2018 - 00:00
security update

DSA-4311 git

Debian Security - Fri, 05/10/2018 - 00:00
security update

DSA-4310 firefox-esr

Debian Security - Wed, 03/10/2018 - 00:00
security update

DSA-4309 strongswan

Debian Security - Mon, 01/10/2018 - 00:00
security update

DSA-4308 linux

Debian Security - Mon, 01/10/2018 - 00:00
security update

DSA-4307 python3.5

Debian Security - Fri, 28/09/2018 - 00:00
security update