[joomla] Fwd: Joomla! Security News

Matt Thomas matt at betweenbrain.com
Tue Jun 19 08:58:08 EDT 2012


Yes, this issue seems to affect only certain extensions, but is a fatal
error and will bring a site down. Just a heads up.

Best,

Matt Thomas
Founder betweenbrain <http://betweenbrain.com/>™
Lead Developer Construct Template Development Framework <http://construct-framework.com/>
Phone: 203.632.9322
Twitter: @betweenbrain
Github: https://github.com/betweenbrain



On Tue, Jun 19, 2012 at 8:55 AM, Steve Burge <steve at ostraining.com> wrote:

> I updated 20+ sites yesterday with no problems.
>
> This is just an issue with some individual extensions, right?
>
> Steve
>
> On Tuesday, June 19, 2012 at 8:47 AM, Matt Thomas wrote:
>
> Please be aware that there are known issues when upgrading to 2.5.5 (i.e.
> http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=28684).
> It took down two of my sites yesterday and many users can't upgrade until
> those issues are fixed. 2.5.6 is coming soon.
>
> Best,
>
> Matt Thomas
> Founder betweenbrain <http://betweenbrain.com/>™
> Lead Developer Construct Template Development Framework<http://construct-framework.com/>
> Phone: 203.632.9322
> Twitter: @betweenbrain
> Github: https://github.com/betweenbrain
>
>
>
> On Tue, Jun 19, 2012 at 8:43 AM, Laura Gordon <rytech123 at gmail.com> wrote:
>
> Hi all,
> Just wanted to forward this over to the entire group. If you are using
> Joomla 2.5.4, it is time to upgrade to Joomla 2.5.5. Good news is that you
> can do it with a click of a button! So click away!
>
> -- Laura
>
> ---------- Forwarded message ----------
> From: *Joomla! Developer Network - Security News* <no_reply at joomla.org>
> Date: Tue, Jun 19, 2012 at 8:20 AM
> Subject: Joomla! Security News
> To: rytech123 at gmail.com
>
>
> Joomla! Security News <http://developer.joomla.org/security/news.html>
> ------------------------------
>
> [20120601] - Core - Privilege Escalation<http://feedproxy.google.com/%7Er/JoomlaSecurityNews/%7E3/I2o1kbJKIVQ/470-20120601-core-privilege-escalation.html?utm_source=feedburner&utm_medium=email>
>
> Posted: 19 Jun 2012 12:21 AM PDT
>
>    - *Project:* Joomla!
>    - *SubProject:* All
>    - *Severity:* Medium High
>    - *Versions:* 2.5.4 and all earlier 2.5.x versions
>    - *Exploit type:* Privilege Escalation
>    - *Reported Date:* 2012-April-29
>    - *Fixed Date:* 2012-June-18
>
> Description
>
> Inadequate checking leads to possible user privilege escalation.
>
> Affected Installs
>
> Joomla! versions 2.5.4 and all earlier 2.5.x versions
>
> Solution
>
> Upgrade to version 2.5.5
>
> Reported by Nils Rückmann
>
> Contact
>
> The JSST at the Joomla! Security Center.
>
> [20120602] - Core - Information Disclosure<http://feedproxy.google.com/%7Er/JoomlaSecurityNews/%7E3/K71HzujRDDs/471-20120602-core-information-disclosure.html?utm_source=feedburner&utm_medium=email>
>
> Posted: 19 Jun 2012 12:21 AM PDT
>
>    - *Project:* Joomla!
>    - *SubProject:* All
>    - *Severity:* Low
>    - *Versions:* 2.5.4 and all earlier 2.5.x versions
>    - *Exploit type:* Information Disclosure
>    - *Reported Date:* 2012-May-1
>    - *Fixed Date:* 2012-June-18
>
> Description
>
> Inadequate filtering leads to SQL error and information disclosure.
>
> Affected Installs
>
> Joomla! versions 2.5.4 and all earlier 2.5.x versions
>
> Solution
>
> Upgrade to version 2.5.5
>
> Reported by Jakub Galczyk
>
> Contact
>
> The JSST at the Joomla! Security Center.
>
>
>
> --
> I have a new email address: rytech123 at gmail.com
>
> Trainer with www.Video2Brain.com
> Board Member of www.JoomlaNYC.org
> Trainer for www.JoomlaTraining.com
> Sponsor & Coordinator for www.JoomlaDayNYC.com
>
> www.RytechSites.com
> Dynamic Websites for your company!
>
>
>
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
>