Joomla Security Notice :: March 16, 2012

Started by Jason, March 16, 2012, 04:33:38 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Jason

March 16, 2012, 04:33:38 PM
Latest Joomla security notice:

http://developer.joomla.org/security/news

Quote
Joomla! Security News
________________________________________
[20120304] - Core - Password Change
Posted: 16 Mar 2012 12:21 AM PDT
?   Project: Joomla!
?   SubProject: All
?   Severity: High
?   Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
?   Exploit type: Password Change
?   Reported Date: 2012-March-8
?   Fixed Date: 2012-March-15
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3


------------------------------------

[20120303] - Core - Privilege Escalation
Posted: 15 Mar 2012 05:00 AM PDT
?   Project: Joomla!
?   SubProject: All
?   Severity: High
?   Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
?   Exploit type: Privilege Escalation
?   Reported Date: 2012-March-12
?   Fixed Date: 2012-March-15
Description
Programming error allows privilege escalation in some cases.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Print
Go Up Pages1
User actions