Ubuntu: 1772-1: OpenStack Keystone vulnerability
(Mar 20) Under certain configurations, Keystone would allow unintended access over the network.
(Mar 21) Several security issues were fixed in ClamAV.
(Mar 19) Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More…]
The following bugs have been fixed:
[-] DrWeb mail handler runs two times on each message (108472).
[-] Upgrade php component breaks permissions on php sessions directory (91998).
[+] CentOS 6.4 support has been added. There is a known issue with switching between mail servers: http://kb.parallels.com/en/115779
(Mar 15) A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager. [More…]
The Joomla! Project is pleased to announce the availability of Joomla! CMS 3 Beta2. Community members are asked to download and install the package in order to provide quality assurance for Joomla 3.1. Joomla 3.1 is scheduled for release on or around March 25th, 2013.
Joomla 3 is the latest major release of the Joomla CMS, with Joomla 3.1 the second short term support release in this series. Please note that going from Joomla 3.0 to 3.1 is a one-click upgrade and is NOT a migration. The same is true for any subsequent versions in the Joomla 3 series. That being said, please do not upgrade any of your production sites to the beta version as beta is ONLY intended for testing.
This is a beta release and not for use on production sites.
Extension developers are encouraged to work with this release in order to prepare extensions for the General Availability release of Joomla 3.1, though there shouldn’t be any backward compatibility issues. Users are encouraged to test the package for issues and to report issues in the Joomla! issue tracker.
Miscellaneous: 28574 – Removed the GeSHi plug-in
Version 2.5 of the Joomla! CMS is a Long Term Support release and support for it will continue until shortly after the release of Joomla 3.5 scheduled for Spring 2014. Joomla 2.5 users do not need to migrate to Joomla 3.0 or 3.1.
Moving to Joomla 3.x from Joomla 2.5 will be a mini-migration not an upgrade, although for the core of Joomla! the migration should be simple. However, it is likely that templates for Joomla 2.5 will need modification to work with Joomla 3 as will many extensions. Always test prior to migrating and consult with the developers of any extensions and templates you use.
Support for Joomla 1.5 ended in April of 2012 and we continued to support it unofficially until the end of 2012 for medium to high priority security issues.
Does that mean your 1.5 site will suddenly stop working? No, your site will continue to work as it always has. However, Joomla’s developers will not be releasing new versions for Joomla 1.5, so you won’t be getting bug fixes or security fixes. For this reason, it’s recommended to migrate from 1.5.
Moving from 2.5 to any Joomla 3 version is relatively simple, since Joomla has made the process easy for newer versions. Unfortunately, moving from 1.5 is not a trivial task. Fortunately, there are two good extensions that make the process easier: jUpgrade and SPUpgrade.
You have a choice of going straight to Joomla 3.0 or going to 2.5 first. Both jUpgrade and SPUpgrade have versions ready for both versions. Please consult with their documentation on how to migrate from Joomla 1.5 to 3.0/2.5.
For most new/migrated sites, the Joomla! 3 series is the preferred series and starting on it avoids a mini-migration from Joomla 2.5 later down the road. Starting on the Joomla 3 series for a new/migrated site, also provides you with longer backward compatible support (with one-click upgrades) than starting a new site on 2.5 right now, because support for 3.x ends in 2016.
There are a variety of ways in which you can get actively involved with Joomla! It doesn’t matter if you are a coder, an integrator, or merely a user of Joomla!. You can contact the Joomla! Community Development Manager, David Hurley, [email protected], to get more information, or if you are ready you can jump right into the Joomla! Bug Squad.
The Joomla Bug Squad is one of the most active teams in the Joomla development process and is always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. It’s a great way for increasing your working knowledge of Joomla, and also a great way to meet new people from all around the world.
If you are interested, please read about us on the Joomla Wiki and, if you wish to join, email Mark Dexter, one of the Bug Squad co-coordinators.
You can also help Joomla development by thanking those involved in the many areas of the process. The project also wants to thank all of the people who have taken the time to prepare and submit work to be included in Joomla 1.6, 1.7, 2.5, & 3.1, and to those who have worked very hard on the Joomla Platform separation project.
If you are an extension developer, please make sure you subscribe to the general developer mailing list as this is a place where you can discuss extension development and news that may affect custom development will be posted from time to time.
Following is a list of previous news and information about Joomla and other sites of interest:
This beta release is the result of thousands of hours of work by dozens of volunteers. Thank you so very much for making Joomla the best CMS on the planet!
(Mar 15) A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Mar 18) Several security issues were fixed in the Apache HTTP Server.
(Mar 19) Perl could be made to stop responding if it received specially crafted input.
(Mar 19) Updated sssd packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Mar 19) Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More…]
The following bugs have been fixed:
[-] Subscriptions that included mail services were not properly removed from PPA.
[-] PPA removed the main license key when a license key for a service node was terminated by the Parallels licensing system.
[-] Administrators failed to add service nodes because PPA incorrectly selected an IP address for communications between the management node and service nodes.
[-] Administrators failed to back up customer accounts that had Windows-based hosting subscriptions.
[-] The ppa_mssql package was installed successfully, but the database server was not available for use.
[-] Administrators failed to correctly transfer subscriptions with web forwarding configurations from Plesk for Windows. They encountered the following errors in the console: “Error: Failed to work around IIS dedicated application pools problem. Exception: (‘Failed to %s IIS dedicated application pool, see debug log for more details’, ‘enable’)”
[-] Administrators could not transfer customer accounts from Plesk to PPA if the accounts were associated with a single e-mail address. The following error message was shown in the console: “There are a number of accounts that are associated with the same e-mail. Change e-mails for the conflicting accounts.”
[-] Administrators failed to move subscription between nodes in case the subscription’s domain had the standard forwarding type. PPA raised an error like “Exception message: Command /usr/local/psa/bin/sw-engine-pleskrun with arguments …”.
[-] When transferring a domain alias with the switched off mail service to PPA, the PPA moving tools erroneously registered the alias on the SmarterMail service node.
[-] The PPA moving tools added the content of the default site template to all transferred subdomains. Thus, after the transfer, subdomain’s root directory contained not only its source content but the content of the PPA site template as well. This happened only when performing the transfer from Expand based on Plesk 8.
[-] The PPA moving tools failed to transfer subscriptions that belonged to resellers’ customers.
[-] In some cases, the www DNS records were not transferred to PPA from source Plesk Panel servers.
[-] The ppa-transfer tool failed to transfer subscriptions to PPA in case they were associated with the same system user. The tool raised an error like “[ERROR] parallels.common.safe |copy-content| Failed to perform an action on subscription…”.
[-] The PPA moving tools failed to transfer domains to PPA in case that domains had IPv6 addresses only.
cPanel & WHM 11.32 reaches end of life August 20, 2013. That means there are only 5 months left in the life cycle. In accordance with our End of Life Policy cPanel & WHM 11.32 will continue functioning on servers after reaching end of life. No further updates, including security …
(Mar 15) Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP control [More…]
(Mar 15) Typo3, a PHP-based content management system, was found vulnerable to several vulnerabilities. CVE-2013-1842 [More…]
(Mar 18) pam-xdg-support could be made to run programs as an administrator.
(Mar 18) Several security issues were fixed in the kernel.
(Mar 17) The recent security update for libvirt was found to cause a regression. The kvm/qemu processes weren’t run as the `kvm` user anymore in order to fix the file/device ownership changes, but the processes were not correctly configured to use the `kvm` group either. When the user would [More…]
(Mar 15) Bastian Blank discovered that libvirtd, a daemon for management of virtual machines, network and storage, would change ownership of devices files so they would be owned by user `libvirt-qemu` and group `kvm`, which is a general purpose group not specific to libvirt, allowing unintended write access to [More…]
(Mar 18) Several security issues were fixed in the kernel.
(Mar 18) Several security issues were fixed in the kernel.
(Mar 18) Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Mar 14) Multiple vulnerabilities were discovered in the dissectors for the MS-MMS, RTPS, RTPS2, Mount, ACN, CIMD and DTLS protocols, which could result in denial of service or the execution of arbitrary code. [More…]
(Mar 14) An attacker could trick APT into installing altered packages.
(Mar 14) NSS could be made to expose sensitive information over the network.
(Mar 11) An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]
(Mar 11) Updated kernel-rt packages that fix several security issues and three bugs are now available for Red Hat Enterprise MRG 2.3. The Red Hat Security Response Team has rated this update as having [More…]
(Mar 14) Ovidiu Mara reported in 2010 a vulnerability in the ping util, commonly used by system and network administrators. By carefully crafting ICMP responses, an attacker could make the ping command hang. [More…]
(Mar 14) Multiple vulnerabilities were discovered in zoneminder, a Linux video camera security and surveillance solution. The Common Vulnerabilities and Exposures project identifies the following problems: [More…]