NYCPHP Meetup

NYPHP.org

[joomla] Fwd: Joomla! Security News

Laura Gordon rytech123 at gmail.com
Wed Mar 28 09:33:04 EDT 2012 

FYI...if you have 1.5 sites, you must upgrade to 1.5.26

see below...

-- laura

---------- Forwarded message ----------
From: Joomla! Developer Network - Security News <no_reply at joomla.org>
Date: Wed, Mar 28, 2012 at 8:28 AM
Subject: Joomla! Security News
To: rytech123 at gmail.com


**
   Joomla! Security News <http://developer.joomla.org/security/news.html>
 <http://fusion.google.com/add?source=atgs&feedurl=http://feeds.feedburner.com/JoomlaSecurityNews>
------------------------------

[20120305] - Core - Password
Change<http://feedproxy.google.com/%7Er/JoomlaSecurityNews/%7E3/Hs8kiB0ANEU/396-20120305-core-password-change.html?utm_source=feedburner&utm_medium=email>

Posted: 28 Mar 2012 12:21 AM PDT

   - *Project:* Joomla!
   - *SubProject:* All
   - * Severity:* High
   - *Versions:* 1.5.25 and all earlier 1.5.x versions
   - *Exploit type:* Password Change
   - *Reported Date:* 2012-March-8
   - *Fixed Date:* 2012-March-27

Description

Insufficient randomness leads to password reset vulnerability.
Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution

Upgrade to version 1.5.26

Reported by George Argyros and Aggelos Kiayias
Contact

The JSST at the Joomla! Security Center.
<http://feeds.feedburner.com/%7Eff/JoomlaSecurityNews?a=Hs8kiB0ANEU:hYME1-6mPFs:yIl2AUoC8zA>

[20120306] - Core - Information
Disclosure<http://feedproxy.google.com/%7Er/JoomlaSecurityNews/%7E3/yEmRGoRnN-k/397-20120306-core-information-disclosure.html?utm_source=feedburner&utm_medium=email>

Posted: 28 Mar 2012 12:21 AM PDT

   - *Project:* Joomla!
   - *SubProject:* All
   - * Severity:* Low
   - *Versions:* 1.5.25 and all earlier 1.5.x versions
   - *Exploit type:* Information Disclosure
   - *Reported Date:* 2012-January-7
   - *Fixed Date:* 2012-March-27

Description

Inadequate permission checking allows unauthorised viewing of
administrative back end information.
Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution

Upgrade to version 1.5.26

Reported by Cyrille Barthelemy
Contact

The JSST at the Joomla! Security Center.
<http://feeds.feedburner.com/%7Eff/JoomlaSecurityNews?a=yEmRGoRnN-k:lkumBhd-tpY:yIl2AUoC8zA>
   You are subscribed to email updates from Joomla! Developer Network -
Security News <http://developer.joomla.org/security/news.html>
To stop receiving these emails, you may unsubscribe
now<http://feedburner.google.com/fb/a/mailunsubscribe?k=VOn2LflPmMepisLclOaCvkcQLcA>
. Email delivery powered by Google  Google Inc., 20 West Kinzie, Chicago IL
USA 60610



-- 
I have a new email address: rytech123 at gmail.com

Trainer with www.Video2Brain.com
Board Member of www.JoomlaNYC.org
Trainer for www.JoomlaTraining.com
Sponsor & Coordinator for www.JoomlaDayNYC.com

www.RytechSites.com
Dynamic Websites for your company!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20120328/b252dbe4/attachment.html>

More information about the Joomla mailing list