An update for dbus is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.
This update includes a fix for a security vulnerability, CVE-2018-20843:

> Fix extraction of namespace prefixes from XML names; XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks

For more information on the changes in 2.2.7, see the upstream release
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.9.7 – 3.9.8
- Exploit type: Remote Code Execution
- Reported Date: 2019-June-20
- Fixed Date: 2019-July-09
- CVE Number: TBA
Description
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Affected Installs
Joomla! CMS versions 3.9.7 – 3.9.8
Solution
Upgrade to version 3.9.9
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.9 Release
Joomla 3.9.9 is now available. This is a security fix release for the 3.x series of Joomla which addresses one security vulnerability and contains over 30 bug fixes and improvements.
Apport could be made to expose sensitive information in crash reports.