Aktualizacje bezpieczeństwa

DSA-4031 ruby2.3

Debian Security - sob., 11/11/2017 - 00:00
security update

DSA-4030 roundcube

Debian Security - czw., 09/11/2017 - 00:00
security update

DSA-4029 postgresql-common

Debian Security - czw., 09/11/2017 - 00:00
security update

DSA-4028 postgresql-9.6

Debian Security - czw., 09/11/2017 - 00:00
security update

DSA-4027 postgresql-9.4

Debian Security - czw., 09/11/2017 - 00:00
security update

DSA-4026 bchunk

Debian Security - czw., 09/11/2017 - 00:00
security update

DSA-4025 libpam4j

Debian Security - śr., 08/11/2017 - 00:00
security update

DSA-4024 chromium-browser

Debian Security - śr., 08/11/2017 - 00:00
security update

[20171103] - Core - Information Disclosure

Joomla Security Centre - wt., 07/11/2017 - 16:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.7.0 through 3.8.1
  • Exploit type: Information Disclosure
  • Reported Date: 2017-May-17
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-16633
Description

A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Internal JSST audit

[20171102] - Core - 2-factor-authentication bypass

Joomla Security Centre - wt., 07/11/2017 - 16:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 3.2.0 through 3.8.1
  • Exploit type: 
  • Reported Date: 2017-October-31
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-16634
Description

A bug allowed third parties to bypass a user's 2-factor-authentication method.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Yarince

[20171101] - Core - LDAP Information Disclosure

Joomla Security Centre - wt., 07/11/2017 - 16:00
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 1.5.0 through 3.8.1
  • Exploit type: Information Disclosure
  • Reported Date: 2017-October-06
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-14596
Description

Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH

DSA-4022 libreoffice

Debian Security - wt., 07/11/2017 - 00:00
security update

DSA-4023 slurm-llnl

Debian Security - wt., 07/11/2017 - 00:00
security update

DSA-4021 otrs2

Debian Security - wt., 07/11/2017 - 00:00
security update

DSA-4020 chromium-browser

Debian Security - ndz., 05/11/2017 - 00:00
security update

DSA-4019 imagemagick

Debian Security - ndz., 05/11/2017 - 00:00
security update

DSA-4018 openssl

Debian Security - sob., 04/11/2017 - 00:00
security update

DSA-4017 openssl1.0

Debian Security - pt., 03/11/2017 - 00:00
security update

DSA-4016 irssi

Debian Security - pt., 03/11/2017 - 00:00
security update

DSA-4015 openjdk-8

Debian Security - czw., 02/11/2017 - 00:00
security update