NYCPHP Meetup

NYPHP.org

[joomla] Fwd: Joomla! Security News

Matt Thomas matt at betweenbrain.com
Tue Jun 19 11:29:57 EDT 2012 

We don't know yet. It could potentially be any third party extension. I
believe the issue is tied to use of registerEvent.

Best,

Matt Thomas
Founder betweenbrain <http://betweenbrain.com/>™
Lead Developer Construct Template Development
Framework<http://construct-framework.com/>
Phone: 203.632.9322
Twitter: @betweenbrain
Github: https://github.com/betweenbrain



On Tue, Jun 19, 2012 at 11:21 AM, Helvécio da Silva
<helvecio.rj at gmail.com>wrote:

> Which extensions installed can cause a site to crash during the update?
>
> Thanx
>
>
> 2012/6/19 Matt Thomas <matt at betweenbrain.com>
>
>> Yes, this issue seems to effect only certain extensions, but is a fatal
>> error and will bring a site down. Just a heads up.
>>
>> Best,
>>
>> Matt Thomas
>> Founder betweenbrain <http://betweenbrain.com/>™
>> Lead Developer Construct Template Development Framework<http://construct-framework.com/>
>> Phone: 203.632.9322
>> Twitter: @betweenbrain
>> Github: https://github.com/betweenbrain
>>
>>
>>
>> On Tue, Jun 19, 2012 at 8:55 AM, Steve Burge <steve at ostraining.com>wrote:
>>
>>> I updated 20+ sites yesterday with no problems.
>>>
>>> This is just an issue with some individual extensions, right?
>>>
>>> Steve
>>>
>>> On Tuesday, June 19, 2012 at 8:47 AM, Matt Thomas wrote:
>>>
>>> Please be aware that there are known issues when upgrading to 2.5.5
>>> (i.e.
>>> http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=28684).
>>> It took down two of my sites yesterday and many users can't upgrade until
>>> those issues are fixed. 2.5.6 is coming soon.
>>>
>>> Best,
>>>
>>> Matt Thomas
>>> Founder betweenbrain <http://betweenbrain.com/>™
>>> Lead Developer Construct Template Development Framework<http://construct-framework.com/>
>>> Phone: 203.632.9322
>>> Twitter: @betweenbrain
>>> Github: https://github.com/betweenbrain
>>>
>>>
>>>
>>> On Tue, Jun 19, 2012 at 8:43 AM, Laura Gordon <rytech123 at gmail.com>wrote:
>>>
>>> Hi all,
>>> Just wanted to forward this over to the entire group.  If you are using
>>> joomla 2.5.4, it is time to upgrade to joomla 2.5.5.  Good news is that you
>>> can do it with a click of a button!  So click away!
>>>
>>> -- Laura
>>>
>>> ---------- Forwarded message ----------
>>> From: *Joomla! Developer Network - Security News* <no_reply at joomla.org>
>>> Date: Tue, Jun 19, 2012 at 8:20 AM
>>> Subject: Joomla! Security News
>>> To: rytech123 at gmail.com
>>>
>>>
>>> **
>>>    Joomla! Security News<http://developer.joomla.org/security/news.html>
>>>  <http://fusion.google.com/add?source=atgs&feedurl=http://feeds.feedburner.com/JoomlaSecurityNews>
>>> ------------------------------
>>>
>>> [20120601] - Core - Privilege Escalation<http://feedproxy.google.com/%7Er/JoomlaSecurityNews/%7E3/I2o1kbJKIVQ/470-20120601-core-privilege-escalation.html?utm_source=feedburner&utm_medium=email>
>>>
>>> Posted: 19 Jun 2012 12:21 AM PDT
>>>
>>>    - *Project:* Joomla!
>>>    - *SubProject:* All
>>>    - * Severity:* Medium High
>>>    - *Versions:* 2.5.4 and all earlier 2.5.x versions
>>>    - *Exploit type:* Privilege Escalation
>>>    - *Reported Date:* 2012-April-29
>>>    - *Fixed Date:* 2012-June-18
>>>
>>> Description
>>>
>>> Inadequate checking leads to possible user privilege escalation.
>>> Affected Installs
>>>
>>> Joomla! versions 2.5.4 and all earlier 2.5.x versions
>>> Solution
>>>
>>> Upgrade to version 2.5.5
>>>
>>> Reported by Nils Rückmann
>>> Contact
>>>
>>> The JSST at the Joomla! Security Center.
>>> <http://feeds.feedburner.com/%7Eff/JoomlaSecurityNews?a=I2o1kbJKIVQ:Mi-lzlMckGo:yIl2AUoC8zA>
>>>
>>> [20120602] - Core - Information Disclosure<http://feedproxy.google.com/%7Er/JoomlaSecurityNews/%7E3/K71HzujRDDs/471-20120602-core-information-disclosure.html?utm_source=feedburner&utm_medium=email>
>>>
>>> Posted: 19 Jun 2012 12:21 AM PDT
>>>
>>>    - *Project:* Joomla!
>>>    - *SubProject:* All
>>>    - * Severity:* Low
>>>    - *Versions:* 2.5.4 and all earlier 2.5.x versions
>>>    - *Exploit type:* Information Disclosure
>>>    - *Reported Date:* 2012-May-1
>>>    - *Fixed Date:* 2012-June-18
>>>
>>> Description
>>>
>>> Inadequate filtering leads SQL error and information disclosure.
>>> Affected Installs
>>>
>>> Joomla! versions 2.5.4 and all earlier 2.5.x versions
>>> Solution
>>>
>>> Upgrade to version 2.5.5
>>>
>>> Reported by Jakub Galczyk
>>> Contact
>>>
>>> The JSST at the Joomla! Security Center.
>>> <http://feeds.feedburner.com/%7Eff/JoomlaSecurityNews?a=K71HzujRDDs:drlJPIxfM5Y:yIl2AUoC8zA>
>>>     You are subscribed to email updates from Joomla! Developer Network
>>> - Security News <http://developer.joomla.org/security/news.html>
>>> To stop receiving these emails, you may unsubscribe now<http://feedburner.google.com/fb/a/mailunsubscribe?k=VOn2LflPmMepisLclOaCvkcQLcA>
>>> . Email delivery powered by Google  Google Inc., 20 West Kinzie,
>>> Chicago IL USA 60610
>>>
>>>
>>>
>>> --
>>> I have a new email address: rytech123 at gmail.com
>>>
>>> Trainer with www.Video2Brain.com
>>> Board Member of www.JoomlaNYC.org
>>> Trainer for www.JoomlaTraining.com
>>> Sponsor & Coordinator for www.JoomlaDayNYC.com
>>>
>>> www.RytechSites.com
>>> Dynamic Websites for your company!
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> New York PHP SIG: Joomla! Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/joomla
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>
>>>
>>> _______________________________________________
>>> New York PHP SIG: Joomla! Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/joomla
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>
>>>
>>>
>>> _______________________________________________
>>> New York PHP SIG: Joomla! Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/joomla
>>>
>>> NYPHPCon 2006 Presentations Online
>>> http://www.nyphpcon.com
>>>
>>> Show Your Participation in New York PHP
>>> http://www.nyphp.org/show_participation.php
>>>
>>
>>
>> _______________________________________________
>> New York PHP SIG: Joomla! Mailing List
>> http://lists.nyphp.org/mailman/listinfo/joomla
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>
>
>
> --
> Helvecio "Elvis" da Silva
> Rio de Janeiro - Brasil - helvecio.rj at gmail.com
> http://www.helvecio.com - http://blog.helvecio.com
>
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20120619/e48c5696/attachment.html>

More information about the Joomla mailing list