Aktualizacje bezpieczeństwa

DSA-4286 curl

Debian Security - śr., 05/09/2018 - 00:00
security update

DSA-4285 sympa

Debian Security - śr., 05/09/2018 - 00:00
security update

DSA-4284 lcms2

Debian Security - wt., 04/09/2018 - 00:00
security update

DSA-4283 ruby-json-jwt

Debian Security - pt., 31/08/2018 - 00:00
security update

DSA-4282 trafficserver

Debian Security - pt., 31/08/2018 - 00:00
security update

DSA-4281 tomcat8

Debian Security - śr., 29/08/2018 - 00:00
security update

[20180803] - Core - ACL Violation in custom fields

Joomla Security Centre - ndz., 26/08/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.7.0 through 3.8.11
  • Exploit type: ACL Violation
  • Reported Date: 2018-July-10
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15881
Description

Inadequate checks regarding disabled fields can lead to an ACL violation.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Elisa Foltyn, COOLCAT CREATIONS

[20180802] - Core - Stored XSS vulnerability in the frontend profile

Joomla Security Centre - ndz., 26/08/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 1.5.0 through 3.8.11
  • Exploit type: XSS
  • Reported Date: 2018-July-10
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15880
Description

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Roland Dalmulder, Perfect Web Team

[20180801] - Core - Hardening the InputFilter for PHAR stubs

Joomla Security Centre - ndz., 26/08/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 1.5.0 through 3.8.11
  • Exploit type: Malicious file upload
  • Reported Date: 2018-August-23
  • Fixed Date: 2018-August-28
  • CVE Number: CVE-2018-15882
Description

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Davide Tampellini

DSA-4280 openssh

Debian Security - śr., 22/08/2018 - 00:00
security update

DSA-4279 linux

Debian Security - pon., 20/08/2018 - 00:00
security update

DSA-4278 jetty9

Debian Security - ndz., 19/08/2018 - 00:00
security update

DSA-4277 mutt

Debian Security - pt., 17/08/2018 - 00:00
security update

DSA-4276 php-horde-image

Debian Security - pt., 17/08/2018 - 00:00
security update

DSA-4275 keystone

Debian Security - czw., 16/08/2018 - 00:00
security update

DSA-4274 xen

Debian Security - czw., 16/08/2018 - 00:00
security update

DSA-4273 intel-microcode

Debian Security - czw., 16/08/2018 - 00:00
security update

DSA-4272 linux

Debian Security - wt., 14/08/2018 - 00:00
security update

DSA-4271 samba

Debian Security - wt., 14/08/2018 - 00:00
security update

DSA-4270 gdm3

Debian Security - pon., 13/08/2018 - 00:00
security update