The following bugs have been fixed:
[-] Automatic key update fails for KAV if the additional key is installed as a part of PowerPack
Comment
The following bugs have been fixed:
[-] Automatic key update fails for KAV if the additional key is installed as a part of PowerPack
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.0 and 1.7.0 – 1.7.4
- Exploit type: Information Disclosure
- Reported Date: 2012-January-29
- Fixed Date: 2012-February-02
Description
Inadequate validation leads to path disclosure in administrator.
Affected Installs
Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution
Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Jakub Galczyk
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.4 and all earlier 1.7.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-06
- Fixed Date: 2012-February-02
Description
On some servers the error log could be read by unauthorised users.
Affected Installs
Joomla! version 1.7.4 and all earlier 1.7.x versions
Solution
Upgrade to version 2.5.1 or 1.7.5 or higher
Reported by Alain Rivest
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.0 and 1.7.0 – 1.7.4
- Exploit type: Information Disclosure
- Reported Date: 2012-January-29
- Fixed Date: 2012-February-02
Description
Inadequate validation leads to information disclosure in administrator.
Affected Installs
Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution
Upgrade to version 1.7.5 or 2.5.1 or higher
Reported by Jakub Galczyk
Contact
The JSST at the Joomla! Security Center.