Support Joomla!
  • Flexible
  • Simple
  • Elegant
  • Customizable
  • Powerful
 screenshot

Cutting Edge Content Management

Joomla! is one of the most powerful Open Source Content Management Systems on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Joomla! is easy to install, simple to manage, and reliable.
 

Who's Online

We have 179 guests online

Syndication from this page

Disclaimer

The news and opinions posted in this area have been submitted from the community and does not constitute Official Joomla!/OSM news.

This content is provided as a service to our visitors, and, as such, Joomla!/OSM cannot be held liable for the accuracy of the information.

Visitors wishing to verify that the information is correct should contact the parties responsible for authoring the content.

Publishing of news here does not constitute or imply endorsement, recommendation, or favouring by Joomla!/OSM.

Upgrade immediately to Joomla! 1.0.11 PDF Print E-mail
Tuesday, 29 August 2006
Article Index
Upgrade immediately to Joomla! 1.0.11
Security Fixes
Security Advisory
New Visible Warnings
Extension Security
Instructions
Packages
Thanks
Page 2 of 8

Security Fixes

Joomla! 1.0.11 Contains twenty-six (26) fixes for High, Medium and Low Level Security Vunerabilities.  

The majority of these vunerabilities affect all previous versions of Joomla!

04 HIGH Level Threats fixed
  A1 Unvalidated Input  
  • Secured mosMail() against unvalidated input
    •  
  • Secured JosIsValidEmail() - in previous versions the existance of an email address 
    somewhere in the string was sufficient
    •  
   A6 Injection Flaws   
  • Fixed remote execution issue in PEAR.php
    •  
  • Fixed Zend Hash Del Key Or Index Vulnerability
    •  
04 MEDIUM Level Threats fixed
  A1 Unvalidated Input  
  • globals.php not included in administrator/index.php
    •  
   A2 Broken Access Control    
  • Added Missing defined( '_VALID_MOS' ) checks
    •  
  • Limit Admin `Upload Image` from uploading below `/images/stories/` directory
    •  
  • Fixed do_pdf command bypassing the user authentication
    •  
18 LOW Level Threats fixed
  A1 Unvalidated Input  
  • Hardened Admin `User Manager`
    •  
  • Hardened poll module
    •  
  • Fixed josSpoofValue function to ensure the hash is a string
    •  
   A2 Broken Access Control    
  • Secured com_content to not allow the tasks 'emailform' and 'emailsend' 
    if $mosConfig_hideEmail is set
    •  
  • Fixed emailform com_content task bypassing the user authentication
    •  
  • Limit access to Admin `Popups` functionality
    •  
   A4 Cross Site Scripting   
  • Fixed XSS injection issue in Admin `Module Manager`
    •  
  • Fixed XSS injection issue in Admin `Help`
    •   
  • Fixed XSS injection issue in Search
    •   
  A6 Injection Flaws   
  • Harden loading of globals.php by using require() instead of include_once();
    •  
  • Block potential misuse of $option variable
    •  
  • Block against injection issue in Admin `Upload Image`
    •    
  • Secured against possible injection attacks on ->load()
    •  
  • Secured against injection attack on content submissions where frontpage 
    is selected
    •  
  • Secured against possible injection attack thru mosPageNav constructor
    •  
  • Secured against possible injection attack thru saveOrder functions
    •  
  • Add exploit blocking rules to htaccess
    •  
  • Harden ACL from possible injection attacks

High Level Vulnerabilities

1.0.11 fixes 4 High Level security vulnerabilities that affect all previous versions of Joomla! 1.0.x series. 
In fact there is a strong likelihood that most of these vunerabilities (including the Hig h Level ones) will also affect older versions of Mambo as well.

Therefore all Joomla! users are strongly advised to upgrade immediately to Joomla! 1.0.11 



 
< Prev   Next >
[ Back ]