Vulnerabilities have been discovered in the Joomla! CMS. The first vulnerability stems from insufficiently random selection of passwords, which can result in a password reset. The second vulnerability is the result of a programming error that allows privilege escalation in certain cases. Upgrading to version 2.5.3 is advised.
Joomla! Developer Network - Security News
///////////////////////////////////////////
[20120304] - Core - Password Change
Posted: 16 Mar 2012 12:21 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/JukET1dgfDM/394-201...
Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
Exploit type: Password Change
Reported Date: 2012-March-8
Fixed Date: 2012-March-15
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Reported by George Argyros and Aggelos Kiayias
Contact
The JSST at the Joomla! Security Center.
///////////////////////////////////////////
[20120303] - Core - Privilege Escalation
Posted: 15 Mar 2012 05:00 AM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/n5w8L96w-LM/395-201...
Project: Joomla!
SubProject: All
Severity: High
Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
Exploit type: Privilege Escalation
Reported Date: 2012-March-12
Fixed Date: 2012-March-15
Description
Programming error allows privilege escalation in some cases.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Reported by Jeff Channel
Contact
The JSST at the Joomla! Security Center.