Joomla Security Notice :: July 4, 2015

Started by Jason, July 04, 2015, 09:11:07 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

Joomla sent out a security notification today.  Please be aware:

http://developer.joomla.org/security-centre.html

Quote
Joomla! Security News
________________________________________
[20150602] - Core - CSRF Protection
Posted: 03 Jul 2015 02:10 PM PDT
*   Project: Joomla!
*   SubProject: CMS
*   Severity: Low
*   Versions: 3.2.0 through 3.4.1
*   Exploit type: CSRF Protection
*   Reported Date: 2015-April-06
*   Fixed Date: 2015-June-30
*   CVE Number: tbd
Description
Lack of CSRF checks potentially enabled uploading malicious code.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.1
Solution
Upgrade to version 3.4.2

---------------

[20150601] - Core - Open Redirect
Posted: 03 Jul 2015 02:04 PM PDT
*   Project: Joomla!
*   SubProject: CMS
*   Severity: Low
*   Versions: 3.0.0 through 3.4.1
*   Exploit type: Open Redirect
*   Reported Date: 2015-June-01
*   Fixed Date: 2015-June-30
*   CVE Number: tbd
Description
Inadequate checking of the return value allowed to redirect to an extern page.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.1
Solution
Upgrade to version 3.4.2
[/quote[