The following bug has been fixed:
[-] Fixed moderate security issue in Courier IMAP server (#79692)
Comment
The following bug has been fixed:
[-] Fixed moderate security issue in Courier IMAP server (#79692)
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.5.25 and all earlier 1.5.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-7
- Fixed Date: 2012-March-27
Description
Inadequate permission checking allows unauthorised viewing of administrative back end information.
Affected Installs
Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution
Upgrade to version 1.5.26
Reported by Cyrille Barthelemy
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.5.25 and all earlier 1.5.x versions
- Exploit type: Password Change
- Reported Date: 2012-March-8
- Fixed Date: 2012-March-27
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution
Upgrade to version 1.5.26
Reported by George Argyros and Aggelos Kiayias
Contact
The JSST at the Joomla! Security Center.
The CSR
Before you can order the SSL, you will need to create a CSR, or Certificate Signing Request. The CSR tells the certificate authority the information that the certificate will contain.
To create the CSR you can:
Login to WHM and go to “Generate a SSL Certificate and Signing Request”
You will now need to fill out the information. It is a good idea to have a copy of the certificate, CSR and the key e-mailed to you for your records. You may need the key later, especially if you plan to use the SSL on a different server than it was created.
Once you have the CSR you can take it to the certificate authority to have them sign it. Once they approve the SSL, after possible vetting steps, you are issued a signed trusted certificate.
The Install
In order to install the SSL you will need to go back in to WHM. In order to install the SSL you will need to have the domain on its own cPanel account as well as on its own IP address. If it is setup on an addon domain there are instructions for moving the domain to its own cPanel account in a different post.