Security updates

DSA-4111 libreoffice

Debian Security - Sun, 11/02/2018 - 00:00
security update

DSA-4110 exim4

Debian Security - Sat, 10/02/2018 - 00:00
security update

DSA-4109 ruby-omniauth

Debian Security - Fri, 09/02/2018 - 00:00
security update

DSA-4108 mailman

Debian Security - Fri, 09/02/2018 - 00:00
security update

DSA-4107 django-anymail

Debian Security - Wed, 07/02/2018 - 00:00
security update

DSA-4106 libtasn1-6

Debian Security - Wed, 07/02/2018 - 00:00
security update

DSA-4105 mpv

Debian Security - Tue, 06/02/2018 - 00:00
security update

DSA-4104 p7zip

Debian Security - Sun, 04/02/2018 - 00:00
security update

DSA-4103 chromium-browser

Debian Security - Wed, 31/01/2018 - 00:00
security update

[20180104] - Core - SQLi vulnerability in Hathor postinstall message

Joomla Security Centre - Tue, 30/01/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 3.7.0 through 3.8.3
  • Exploit type: SQLi
  • Reported Date: 2017-November-17
  • Fixed Date: 2018-January-30
  • CVE Number: CVE-2018-6376

Description

The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.3

Solution

Upgrade to version 3.8.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Karim Ouerghemmi, ripstech.com

[20180103] - Core - XSS vulnerability in Uri class

Joomla Security Centre - Tue, 30/01/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 1.5.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2017-November-17
  • Fixed Date: 2018-January-30
  • CVE Number: CVE-2018-6379

Description

Inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.8.3

Solution

Upgrade to version 3.8.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Octavian Cinciu

[20180102] - Core - XSS vulnerability in com_fields

Joomla Security Centre - Tue, 30/01/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.7.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2018-January-20
  • Fixed Date: 2018-January-30
  • CVE Number: CVE-2018-6377

Description

Inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e. list, radio and checkbox.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.3

Solution

Upgrade to version 3.8.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Benjamin Trenkle, JSST

[20180101] - Core - XSS vulnerability in module chromes

Joomla Security Centre - Tue, 30/01/2018 - 15:45
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.0.0 through 3.8.3
  • Exploit type: XSS
  • Reported Date: 2018-January-21
  • Fixed Date: 2018-January-30
  • CVE Number: CVE-2018-6380

Description

Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.8.3

Solution

Upgrade to version 3.8.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin, JSST

DSA-4102 thunderbird

Debian Security - Tue, 30/01/2018 - 00:00
security update