There are multiple factors that contribute to your hosting company’s success. One undeniable factor that separates good hosting providers from great hosting providers is the level of technical support they provide their customers. Providing customers with easy, fast solutions when they need it is the best way to increase loyalty, retention, as well as promote evangelism for your business. We want to make sure your technical support staff is at …
Archive for March, 2018
Last week was the annual CloudFest conference (previously WHD.global) in Rust, Germany. cPanel, Inc. was a Diamond Sponsor, and we showed up in force! Twenty-seven eager cPanel employees from four departments came along. We all got to meet with existing and potential customers and to pass out some pretty handy gloves. Celebrate the Cloud! Most of us in the technology industry have a love/hate relationship with …
(Mar 14) Multiple vulnerabilities were discovered in cURL, a URL transfer library. CVE-2018-1000120
(Mar 17) Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code.
(Mar 13) nx-libs 3.5.0.33: – Don’t allow overriding of X.Org Server UNIX sockets via TEMP/NX_TEMP environment variables. Fixes problems on machines that use pam_tempdir.so. – Fix CVE-2017-2624 (timingsafe_memcmp) by Ulrich Sibiller. – Potentially improve LAN- and WAN-type connection speed settings scenarios. Includes a regression fix for VPN connections by Simon Matter. – Fix problems in
(Mar 14) An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
(Mar 15) An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
(Mar 13) * CVE-2018-6767 * CVE-2018-7253
(Mar 16) Richard Zhu discovered that an out-of-bounds memory write in the codebook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code.
(Mar 13) Security fix for CVE-2018-6942.
(Mar 16) Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened.
(Mar 13) Several security issues were fixed in Samba.
(Mar 15) An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
(Mar 15) An update for erlang is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
(Mar 15) Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.
(Mar 13) This update fixes CVE-2017-18196. ---- This update backports security fixes for CVE-2018-3836, CVE-2018-7186 and CVE-2018-7247.
(Mar 15) Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure.
(Mar 15) Several security issues were fixed in the Linux kernel.
(Mar 15) An update for ceph is now available for Red Hat Ceph Storage 3.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
(Mar 15) An update for ceph is now available for Red Hat Ceph Storage 3.0 for Ubuntu 16.04. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.5.0 through 3.8.5
- Exploit type: SQLi
- Reported Date: 2018-March-08
- Fixed Date: 2018-March-12
- CVE Number: CVE-2018-8045
Description
The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
Affected Installs
Joomla! CMS versions 3.5.0 through 3.8.5
Solution
Upgrade to version 3.8.6
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.8.6 Release

Joomla 3.8.6 is now available. This is a security fix release for the 3.x series of Joomla addressing one security vulnerability and including over 60 bug fixes and improvements.
(Feb 27) Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at
(Mar 2) Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.
(Mar 11) **PHP version 7.1.15** (01 Mar 2018) **Apache2Handler:** * Fixed bug php#75882 (a simple way for segfaults in threadsafe php just with configuration). (Anatol) **Date:** * Fixed bug php#75857 (Timezone gets truncated when formatted). (carusogabriel) * Fixed bug php#75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda) * Fixed
(Mar 11) **MySQL 5.7.21** Bugs fixed: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-21.html CVEs fixed: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html CVE-2018-2696 CVE-2018-2703 CVE-2018-2565 CVE-2018-2573 CVE-2018-2576 CVE-2018-2583 CVE-2018-2586 CVE-2018-2590 CVE-2018-2600 CVE-2018-2612