(Sep 14) Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]
Comment
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.6 and all earlier 2.5.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2012-April-30
- Fixed Date: 2012-September-13
Description
Inadequate escaping of output leads to XSS vulnerability.
Affected Installs
Joomla! versions 2.5.6 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.7
Reported by Janek Vind and Antoine Cervoise
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.6 and all earlier 2.5.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2012-July-2
- Fixed Date: 2012-September-13
Description
Inadequate escaping of output leads to XSS vulnerability in language switcher module.
Affected Installs
Joomla! versions 2.5.6 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.7
Reported by S. Schurtz
Contact
The JSST at the Joomla! Security Center.
(Sep 13) Security Report Summary
(Sep 12) It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. [More…]