Joomla 3.4.5 was released on Thursday, 22 October. This is a high-risk security update. EVERYONE should update as soon as possible!
This is the first serious security fix in many years.

The update applies to the Joomla 3.x series and fixes a critical security vulnerability. This update contains only security fixes, so a backup should not be necessary.

 

Three vulnerabilities have been uncovered.

  • High Priority - Core - SQL Injection (affecting Joomla 3.2 through 3.4.4)
  • Medium Priority - Core - ACL Violations (affecting Joomla 3.2 through 3.4.4)
  • Medium Priority - Core - ACL Violations (affecting Joomla 3.0 through 3.4.4)

 

More at Joomla.org:
https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html

 

[20151001] - Core - SQL Injection

Posted: 22 Oct 2015 12:00 PM PDT

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.2.0 through 3.4.4
  • Exploit type: SQL Injection
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858

Description

Inadequate filtering of request data leads to a SQL Injection vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: Asaf Orpani of Trustwave and Netanel Rubin at PerimeterX

[20151002] - Core - ACL Violations

Posted: 22 Oct 2015 12:00 PM PDT

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.2.0 through 3.4.4
  • Exploit type: ACL Violation
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Number: CVE-2015-7859

Description

Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: JSST

[20151003] - Core - ACL Violations

Posted: 22 Oct 2015 12:00 PM PDT

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.0.0 through 3.4.4
  • Exploit type: ACL Violation
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Number: CVE-2015-7899

Description

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.4