Ike.ninja

• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 2.5.4 through 3.8.12
• Exploit type: Object Injection
• Reported Date: 2018-June-21
• Fixed Date: 2018-October-02
• CVE Number: CVE-2018-17856

Description

Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com_joomlaupdate and trigger a code execution.

Affected Installs

Joomla! CMS versions 2.5.4 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Joomla 3.8.13 is now available. This is a security release for the 3.x series of Joomla which addresses 5 security vulnerabilities.

(Oct 8) Several vulnerabilities were discovered in tinc, a Virtual Private Network (VPN) daemon. The Common Vulnerabilities and Exposures project identifies the following problems:

(Oct 8) Several security issues were fixed in libxkbcommon.

(Oct 8) An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

See what Smart Updates for WP Toolkit on Plesk Onyx maintains your site and how AI technology helps you make the right update choices.

The post Smart Updates for WP Toolkit: Never fall behind again appeared first on Plesk.

(Oct 1) Several security issues were fixed in the Linux kernel.

(Oct 4) Security fix for CVE-2018-10897

(Oct 2) 4.1.5 GA —- 4.1.4 GA Security Fix for CVE-2018-10904 Security Fix for CVE-2018-10907 Security Fix for CVE-2018-10911 Security Fix for CVE-2018-10913 Security Fix for CVE-2018-10914 Security Fix for CVE-2018-10923 Security Fix for CVE-2018-10926 Security Fix for CVE-2018-10927 Security Fix for CVE-2018-10928 Security Fix for CVE-2018-10929 Security Fix for CVE-2018-10930 —- missing

(Oct 4) Several security issues were fixed in ImageMagick.

(Oct 4) Security fix for CVE-2018-16435

(Oct 3) Several security issues were fixed in Liblouis.

The end of the cPanel Conference always triggers a mixture of feelings for me. The completion of the project means a lot of pride, and there’s a huge amount of relief, but it’s also bitter-sweet to know it’ll be a whole year before we get together again. To everyone that attended, sponsored, or exhibited at the 2018 cPanel Conference, thank you! We do this for you, and you continue to make it worth it. A …

(Oct 2) – Update to bind-9.11.4-P2 – Add /dev/urandom to chroot (#1631515) – Fix multilib conflicts of devel package – Add support for OpenSSL provided random data

(Oct 3) Firefox could be made to crash or run programs as your login if it opened a malicious website.