**RELEASE 1.4.7** – Fix bug where subfolders of special folders could have been duplicated on folder list – Increase maximum size of contact jobtitle and department fields to 128 characters – Fix missing newline after the logged line when writing to stdout (#7418) – Elastic: Fix context menu (paste) on the recipient input (#7431) – Fix problem with forwarding inline images attached to
Archive for July 14th, 2020
Add patch to bump W_MAX_BYTES to 8.
A X-Frame-Options bypass was discovered in Firefox.
WordPress 5.5 Beta 2
WordPress 5.5 Beta 2 is now available! This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version. You can test WordPress 5.5 beta 2 in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” […]
Joomla 3.9.20 Release
Joomla 3.9.20 is now available. This is a security release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains over 25 bug fixes and improvements.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0-3.9.19
- Exploit type: Information Disclosure
- Reported Date: 2020-Jun-17
- Fixed Date: 2020-July-14
- CVE Number: CVE-2020-15698
Description
Inadequate filtering in the system information screen could expose redis or proxy credentials
Affected Installs
Joomla! CMS versions 3.0.0 – 3.9.19
Solution
Upgrade to version 3.9.20
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0-3.9.19
- Exploit type: XSS
- Reported Date: 2020-Jun-08
- Fixed Date: 2020-July-14
- CVE Number: CVE-2020-15696
Description
Lack of input filtering and escaping allows XSS attacks in mod_random_image
Affected Installs
Joomla! CMS versions 3.0.0 – 3.9.19
Solution
Upgrade to version 3.9.20
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0-3.9.19
- Exploit type: Incorrect Access Control
- Reported Date: 2020-Jun-02
- Fixed Date: 2020-July-14
- CVE Number: CVE-2020-15697
Description
Internal read-only fields in the User table class could be modified by users.
Affected Installs
Joomla! CMS versions 3.9.0 – 3.9.19
Solution
Upgrade to version 3.9.20
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.9.0-3.9.19
- Exploit type: CSRF
- Reported Date: 2020-May-07
- Fixed Date: 2020-July-14
- CVE Number: CVE-2020-15695
Description
A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
Affected Installs
Joomla! CMS versions 3.9.0 – 3.9.19
Solution
Upgrade to version 3.9.20
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 2.5.0-3.9.19
- Exploit type: Incorrect Access Control
- Reported Date: 2020-April-04
- Fixed Date: 2020-July-14
- CVE Number: CVE-2020-15699
Description
Missing validation checks at the usergroups table object can result into an broken site configuration.
Affected Installs
Joomla! CMS versions 2.5.0 – 3.9.19
Solution
Upgrade to version 3.9.20
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.7.0-3.9.19
- Exploit type: CSRF
- Reported Date: 2020-May-07
- Fixed Date: 2020-July-14
- CVE Number: CVE-2020-XXXXX
Description
A missing token check in the ajax_install endpoint com_installer causes a CSRF vulnerability.
Affected Installs
Joomla! CMS versions 3.7.0 – 3.9.19
Solution
Upgrade to version 3.9.20
Contact
The JSST at the Joomla! Security Centre.
Several security issues were fixed in WebKitGTK.
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,