Joomla Security Notice :: December 14, 2016

Started by Jason, December 14, 2016, 03:38:01 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html



QuoteJoomla! Security News

________________________________________
•    [20161204] - Misc. Security Hardening
•    [20161203] - Core - Information Disclosure
•    [20161202] - Core - Shell Upload
•    [20161201] - Core - Elevated Privileges
[20161204] - Misc. Security Hardening
Posted: 13 Dec 2016 09:00 PM PST
-Project: Joomla!
-SubProject: CMS
Description
Joomla! 3.6.5 includes additional security hardening mechanisms prepared by the JSST, thanks in part to issue reports from Fotis Evangelou and Nicholas Dionysopoulos, which restricts a user's ability to make potentially damaging configuration changes. This includes restricting the ability to set the "New User Registration Group" and "Guest User Group" to a group with Super User permissions and restricting the ability for a lesser privileged user to make user group assignment changes to users in a Super User group.
Additionally, we have modified the behavior of JUser::authorise() to only return a boolean value. Previously, this method could return either a boolean value or null because the underlying call to JAccess::check() can also return a null value; neither JUser::authorise() or JAccess::check() documented this though. We have determined that based on how the API is used that JUser::authorise() should only return a boolean value. If a developer requires the previous behavior of a null return value (which indicates an "implicit" denied state versus "explicit" signified by boolean false), they should use JAccess::check() instead. The documentation for JAccess::check() has been updated to indicate the null return value as well.
Contact
The JSST at the Joomla! Security Centre.
 
 

[20161203] - Core - Information Disclosure
Posted: 13 Dec 2016 09:00 PM PST
-Project: Joomla!
-SubProject: CMS
-Severity: Low
-Versions: 3.0.0 through 3.6.4
-Exploit type: Information Disclosure
-Reported Date: 2016-April-15
-Fixed Date: 2016-December-06
-CVE Number: CVE-2016-9837
Description
Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.6.4
Solution
Upgrade to version 3.6.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Christiaan Klatte and Brian Teeman
 
 

[20161202] - Core - Shell Upload
Posted: 13 Dec 2016 09:00 PM PST
-Project: Joomla!
-SubProject: CMS
-Severity: Low
-Versions: 3.0.0 through 3.6.4
-Exploit type: Shell Upload
-Reported Date: 2016-October-26
-Fixed Date: 2016-December-06
-CVE Number: CVE-2016-9836
Description
Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.6.4
Solution
Upgrade to version 3.6.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Xiphos Research Ltd.
 
 

[20161201] - Core - Elevated Privileges
Posted: 13 Dec 2016 09:00 PM PST
-Project: Joomla!
-SubProject: CMS
-Severity: High
-Versions: 1.6.0 through 3.6.4
-Exploit type: Elevated Privileges
-Reported Date: 2016-November-04
-Fixed Date: 2016-December-06
-CVE Number: CVE-2016-9838
Description
Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.
Affected Installs
Joomla! CMS versions 1.6.0 through 3.6.4
Solution
Upgrade to version 3.6.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Andreev Ivan