[SECURITY-L] Joomla! Security News
CSIRT - UNICAMP
security at unicamp.br
Thu Sep 25 09:38:40 -03 2014
Dear Administrators,
Please check the servers under your responsibility that
run Joomla and the security updates listed in the
bulletin below.
If your environment matches the versions and vulnerabilities
listed, we advise updating the software immediately.
Sincerely,
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
E-mail: security at unicamp.br
GnuPG Public Key: http://www.security.unicamp.br/security.asc
Contact: +55 19 3521-2289 or +55 19 3521-2290
INOC-DBA-BR: 1251*830
----- Forwarded message from Security <no_reply at joomla.org> -----
Date: Wed, 24 Sep 2014 12:12:56 +0000
From: Security <no_reply at joomla.org>
To: security at unicamp.br
Subject: Joomla! Security News
Security
///////////////////////////////////////////
[20140901] - Core - XSS Vulnerability
Posted: 23 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/EiyFsQIjpu4/593-20140901-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
Exploit type: XSS Vulnerability
Reported Date: 2014-August-27
Fixed Date: 2014-September-23
CVE Number: CVE-2014-6631
Description
Inadequate escaping leads to XSS vulnerability in com_media.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3
Solution
Upgrade to version 3.2.5 or 3.3.4
Contact
The JSST at the Joomla! Security Center.
Reported By: Dingjie (Daniel) Yang
///////////////////////////////////////////
[20140902] - Core - Unauthorised Logins
Posted: 23 Sep 2014 12:00 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/uFCKpt1YcxU/594-20140902-core-unauthorised-logins.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x
versions, 3.3.0 through 3.3.3
Exploit type: Unauthorised Logins
Reported Date: 2014-September-09
Fixed Date: 2014-September-23
CVE Number: CVE-2014-6632
Description
Inadequate checking allowed unauthorised logins via LDAP authentication.
Affected Installs
Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and
earlier 3.x versions, 3.3.0 through 3.3.3
Solution
Upgrade to version 2.5.25, 3.2.5, or 3.3.4
Contact
The JSST at the Joomla! Security Center.
Reported By: Matthew Daley
----- End forwarded message -----
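One way to run the requested check across a list of servers, as an added example that is not part of the CSIRT message or the Joomla! advisories: it matches installed version strings against the affected ranges quoted above, comparing numerically so that 2.5.9 sorts below 2.5.24. The function names, hostnames and inventory are constructed for illustration, and suggesting the nearest fixed release above the installed one is this example's choice among the releases the advisories name.

```python
import re

# Inclusive affected ranges, transcribed from the two advisories in this message.
ADVISORIES = {
    "CVE-2014-6631": [((3, 2, 0), (3, 2, 4)), ((3, 3, 0), (3, 3, 3))],
    "CVE-2014-6632": [((2, 5, 0), (2, 5, 24)),   # 2.5.24 and earlier 2.5.x
                      ((3, 0, 0), (3, 2, 4)),    # 3.2.4 and earlier 3.x
                      ((3, 3, 0), (3, 3, 3))],
}
FIXED = [(2, 5, 25), (3, 2, 5), (3, 3, 4)]  # releases named under "Solution"


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Joomla! 3.3.3 Stable'; None if absent."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])", text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(version_text):
    """Return status, matching CVE ids and a fixed release for one install."""
    v = parse_version(version_text)
    if v is None:
        # Never report an unreadable version as clean; flag it for manual review.
        return {"status": "unknown", "cves": [], "upgrade_to": None}
    cves = sorted(cve for cve, ranges in ADVISORIES.items()
                  if any(lo <= v <= hi for lo, hi in ranges))
    if not cves:
        return {"status": "not listed", "cves": [], "upgrade_to": None}
    target = min(f for f in FIXED if f > v)  # nearest fixed release above v
    return {"status": "affected", "cves": cves,
            "upgrade_to": ".".join(map(str, target))}


def report(inventory):
    """Triage every host in a {hostname: version string} mapping."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "www-a.example": "Joomla! 3.3.3 Stable",
    "www-b.example": "2.5.9",
    "www-c.example": "3.1.5",
    "www-d.example": "3.3.4",
    "www-e.example": "version file unreadable",
}

if __name__ == "__main__":
    for host, r in report(INVENTORY).items():
        print(f"{host}: {r['status']} {','.join(r['cves'])} -> {r['upgrade_to']}")
```
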