| Joomla! http://forum.joomla.org/ |
|
| Joomla Security Related Announcements (26 June 2006 last announcement) http://forum.joomla.org/viewtopic.php?f=267&t=40046 |
| Author: | stingrey [ Tue Feb 21, 2006 10:13 pm ] |
| Post subject: | Joomla Security Related Announcements (26 June 2006 last announcement) |
2006-02-21 - Joomla! 1.0.x is not affected by recent Mambo Vulnerability

There is some concern in the community about the recent vulnerability that affects the Mambo codebase as announced on the Mambo homepage and here: http://forum.mamboserver.com/showthread ... post335532

Our internal testing and direct contact with GulfTech Research And Development - the discoverer of the Mambo vulnerability - has confirmed that the vulnerability does NOT affect the Joomla! 1.0.x codebase. This security weakness was addressed in Joomla! 1.0.0.

However, you need to ensure that you are at least running Joomla! 1.0.4, as 1.0.3 and below are vulnerable to an unrelated Critical Level security threat as explained in the 1.0.4 release article: http://www.joomla.org/content/view/498/74/

Critical is Joomla!'s highest security rating and represents a security vulnerability that can lead to a site loss.

1.0.8 will be out very shortly and all Joomla! users should upgrade to this version.

This is a direct copy of my blog post here: http://dev.joomla.org/component/option, ... d,33/p,35/ |
|
| Author: | stingrey [ Wed Feb 22, 2006 6:14 pm ] |
| Post subject: | 2006-02-20 - Joomla not affected by report about Linux worm targeting Mambo |
2006-02-20 - Joomla not affected by report about Linux worm targeting Mambo

There is some concern in the community about recent reports over the Electronic press about a Linux worm that utilizes a security flaw in Mambo reported by F-Secure, as can be seen by these 2 reports:

http://www.theregister.co.uk/2006/02/20/linux_worm/
http://www.infoworld.com/article/06/02/ ... 2006-02-27

This is an OLD vulnerability. This vulnerability does NOT affect the latest versions of Mambo or Joomla!

It also has NOTHING to do with a recent vulnerability in Mambo found by Gulftech, which I blogged here: http://dev.joomla.org/component/option, ... d,33/p,35/

This vulnerability only affects Mambo 4.5.2.0 and was fixed in Mambo 4.5.2.1 on 25th of February 2005: http://secunia.com/advisories/14337

This means this is a bug now a year old.

The only way this vulnerability can be exploited is if you are using Mambo 4.5.2.0 - if you are, you MUST upgrade to the latest version of Mambo, which is Mambo 4.5.3h + security patch 1. Otherwise I would suggest migrating to Joomla 1.0.7, the instructions for which can be found here: http://help.joomla.org/content/view/818/132/

This is an exact copy of my blog here: http://dev.joomla.org/component/option, ... d,33/p,36/ |
|
| Author: | stingrey [ Fri Mar 03, 2006 6:41 pm ] |
| Post subject: | 2006-03-03 - Latest Secunia Advisory is based on 1.0.8 Release information |
2006-03-03 - Latest Secunia Advisory is based on 1.0.8 Release information

http://dev.joomla.org/component/option, ... d,33/p,56/

Quote: Secunia has released a new security advisory, however if you are running Joomla! 1.0.8 you have NOTHING to worry about: http://secunia.com/advisories/19105/

In fact their advisory is based on our official Joomla! 1.0.8 Release information, as can be read via this line:

Quote: Provided and/or discovered by: Reported by the vendor.

Basically it means that they have taken our information here http://www.joomla.org/content/view/940/74/1/3/ to create their report.

So if you are running Joomla! 1.0.8, NONE of these vulnerabilities affect you, as 1.0.8 was specifically released to correct these vulnerabilities. |
|
| Author: | stingrey [ Mon Mar 13, 2006 5:52 pm ] |
| Post subject: | 2006-03-13 - Joomla! 1.0.3 and below is vulnerable to a CRITICAL Security flaw |
2006-03-13 - Joomla! 1.0.3 and below is vulnerable to a CRITICAL Security flaw

If you are running Joomla! 1.0.3, 1.0.2, 1.0.1 or 1.0.0 then you MUST upgrade to at LEAST 1.0.4

Joomla! 1.0.3 and below are vulnerable to a CRITICAL LEVEL security threat. Critical is the highest security rating we give to a vulnerability. This vulnerability can lead to your site being hacked/attacked by malicious users and lead to a loss of control of your site.

There have been confirmed reports of sites running these versions of Joomla! being attacked by this vulnerability and there are automated scripts that parse the internet and automatically test sites for this vulnerability - even non-Joomla sites.

We highly recommend you upgrade to the latest version of Joomla!: http://www.joomla.org/content/blogcategory/32/66/

The succeeding versions of Joomla! have additional lower level security fixes. |
|
| Author: | Hackwar [ Thu Jul 13, 2006 10:26 am ] |
| Post subject: | Re: Joomla Security Related Announcements (26 June 2006 last announcement) |
In all Joomla! versions up to 1.0.9 there have been two security vulnerabilities. One of these was a High Level Security threat, therefore we strongly advise you to upgrade to at least 1.0.10!!

Vulnerabilities:

SQL Injection into Weblinks component
This vulnerability is of a very critical nature and could allow people direct access to your site. This also affects your site when the component is not published! Read more about it here. This has been fixed in Joomla! 1.0.10!

XSS Cross-Site Scripting vulnerability
This is a Low Level security threat. Read more about it here

We highly recommend you upgrade to the latest version of Joomla!: http://www.joomla.org/content/blogcategory/32/66/

The succeeding versions of Joomla! have additional lower level security fixes. |
|