Ike.ninja

Several security issues were fixed in GNU binutils.

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Several security issues were fixed in Thunderbird.

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 2.5.0 – 3.9.16
• Exploit type: Incorrect Access Control
• Reported Date: 2020-March-13
• Fixed Date: 2020-April-21
• CVE Number: CVE-2020-11889

Description

Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

Affected Installs

Joomla! CMS versions 2.5.0 – 3.9.16

Solution

Upgrade to version 3.9.17

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Low
• Severity: Low
• Versions: 3.8.8 – 3.9.16
• Exploit type: Incorrect Access Control
• Reported Date: 2020-March-13
• Fixed Date: 2020-April-21
• CVE Number: CVE-2020-11891

Description

Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.

Affected Installs

Joomla! CMS versions 3.8.8 – 3.9.16

Solution

Upgrade to version 3.9.17

Contact

The JSST at the Joomla! Security Centre.

Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service.

Git could be made to expose sensitive information.

Netcraft has today received a Double Queen’s Award for Enterprise.

A Queen’s Award is the highest UK Government award for a British business. It
is awarded on the Queen’s Birthday each year, and, in different times, it would
include an invitation to a mass gathering at Buckingham Palace. The criteria set
by our Government searches for considerable progress sustained over a six year
period. This year, 128 companies received a Queen’s Award for International
Trade and 66 companies a Queen’s Award for Innovation.

Netcraft is one of three companies to receive a Queen’s Award in both
categories. The full list of winners is listed in the Queen’s Awards Press
Book
.

Carlo Arenas discovered a flaw in git, a fast, scalable, distributed revision control system. With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for

File Roller could be made to expose sensitive information.

Bugfix release from Google for 80.0.3987.162. —- Update to 80.0.3987.162. Fixes the following CVEs: * CVE-2020-6450 * CVE-2020-6451 * CVE-2020-6452

Security fix for CVE-2020-5260 From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt): > With a crafted URL that contains a newline in it, the credential > helper machinery can be fooled to give credential information for > a wrong host. The attack has been made impossible by forbidding > a newline character in any value

– New Firefox and NSS upstream update – More info at https://www.mozilla.org/en- US/firefox/75.0/releasenotes/

The following vulnerability has been discovered in the webkit2gtk web engine: CVE-2020-11793