Archive for May 8th, 2019

8 results.

Fedora 28: filezilla Security Update

May08
by Ike on May 8, 2019 at 10:27 pm
Posted In: Uncategorized

Fix for CVE-2019-5429

 Comment 

Fedora 28: libfilezilla Security Update

May08
by Ike on May 8, 2019 at 9:48 pm
Posted In: Uncategorized

Fix for CVE-2019-5429

 Comment 

RedHat: RHSA-2019-1116:01 Important: redhat-virtualization-host security

May08
by Ike on May 8, 2019 at 9:45 am
Posted In: Uncategorized

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 Comment 

RedHat: RHSA-2019-1046:01 Important: rhvm-setup-plugins security and bug

May08
by Ike on May 8, 2019 at 8:40 am
Posted In: Uncategorized

An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 Comment 

RedHat: RHSA-2019-1107:01 Important: Red Hat JBoss Enterprise Application

May08
by Ike on May 8, 2019 at 8:14 am
Posted In: Uncategorized

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 Comment 

RedHat: RHSA-2019-1108:01 Important: Red Hat JBoss Enterprise Application

May08
by Ike on May 8, 2019 at 8:14 am
Posted In: Uncategorized

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 Comment 

RedHat: RHSA-2019-1106:01 Important: Red Hat JBoss Enterprise Application

May08
by Ike on May 8, 2019 at 8:05 am
Posted In: Uncategorized

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

 Comment 

[20190502] – Core – By-passing protection of Phar Stream Wrapper Interceptor

May08
by Ike on May 8, 2019 at 12:00 am
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.9.3 through 3.9.5
  • Exploit type: Object Injection
  • Reported Date: 2019-March-27
  • Fixed Date: 2019-May-07

Description

In Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be determined and checked before allowing to be handled by PHP Phar stream handling. The used implementation however is vulnerable to path traversal leading to scenarios where the Phar archive to be assessed is not the actual (compromised) file.

Affected Installs

Joomla! CMS versions 3.9.3 through 3.9.5

Solution

Upgrade to version 3.9.6

Contact

The JSST at the Joomla! Security Centre.

Reported By: Daniel le Gall, Fix coordinated by Oliver Hader from TYPO3

 Comment 

59 queries. 8.5 mb Memory usage. 0.605 seconds.