This is a security release fixing the following issues:
- CVE-2019-1348: the fast-import stream command “feature export-marks=path” allows writing to arbitrary file paths. As libgit2 does not offer any interface for fast-import, it is not susceptible to this vulnerability.
- CVE-2019-1349: by using NTFS 8.3 short names, backslashes or alternate filesystreams, it is possible to cause
Archive for December 16th, 2019
The 5.3.16 update contains a number of important fixes across the tree
Several security issues were fixed in GraphicsMagick.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 2.5.0 – 3.9.13
- Exploit type: SQL injection
- Reported Date: 2019-December-01
- Fixed Date: 2019-December-17
- CVE Number: CVE-2019-19846
Description
The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
Affected Installs
Joomla! CMS versions 2.5.0 – 3.9.13
Solution
Upgrade to version 3.9.14
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.8.0 – 3.9.13
- Exploit type: Path Disclosure
- Reported Date: 2019-November-22
- Fixed Date: 2019-December-17
- CVE Number: CVE-2019-19845
Description
Missing access check in framework files could lead to a path disclosure.
Affected Installs
Joomla! CMS versions 3.8.0 – 3.9.13
Solution
Upgrade to version 3.9.14
Contact
The JSST at the Joomla! Security Centre.
An update for openshift-enterprise-console-container is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for openshift-external-storage is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which