The Joomla CMS has received an update. Version 3.8.12 closes 3 minor security vulnerabilities and fixes over 20 bugs.
Joomla 3.8.12 Security Notes
[20180801] – Core – Hardening the InputFilter for PHAR stubs
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 1.5.0 through 3.8.11
- Exploit type: Malicious file upload
- Reported Date: 2018-August-23
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15882
Description
Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
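A defender-side check for the kind of file this advisory describes, as an added example that is not Joomla's InputFilter code: it scans an uploaded file's bytes, regardless of extension, for the `__HALT_COMPILER` token that every PHAR stub must contain. The function name `containsPharStub` and the sample data are hypothetical.

```php
<?php
// Added example; not taken from Joomla. containsPharStub() is a hypothetical helper.

/**
 * Return true if the file contains the PHAR stub token anywhere in its bytes.
 * Reads in chunks and keeps an overlap so a token split across two reads is found.
 */
function containsPharStub(string $path, int $chunkSize = 8192): bool
{
    $marker  = '__HALT_COMPILER';
    $overlap = strlen($marker) - 1;

    $fp = fopen($path, 'rb');
    if ($fp === false) {
        throw new RuntimeException("Cannot open $path");
    }

    $tail = '';
    try {
        while (!feof($fp)) {
            $chunk = fread($fp, $chunkSize);
            if ($chunk === false) {
                throw new RuntimeException("Read error on $path");
            }
            // Case-insensitive match: the check should not depend on letter case.
            $window = $tail . $chunk;
            if (stripos($window, $marker) !== false) {
                return true;
            }
            $tail = (string) substr($window, -$overlap);
        }
    } finally {
        fclose($fp);
    }
    return false;
}

// Constructed sample inputs (not real uploads, not valid PHAR archives).
// In the second one the token straddles the 8192-byte chunk boundary.
$samples = [
    'clean.bin'   => str_repeat('A', 20000),
    'stubbed.bin' => str_repeat('A', 8185) . '__halt_compiler();' . str_repeat('B', 100),
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%s: %s\n", $name, containsPharStub($tmp) ? 'reject' : 'accept');
    unlink($tmp);
}
```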
[20180802] – Core – Stored XSS vulnerability in the frontend profile
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.5.0 through 3.8.11
- Exploit type: XSS
- Reported Date: 2018-July-10
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15880
Description
Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
[20180803] – Core – ACL Violation in custom fields
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.7.0 through 3.8.11
- Exploit type: ACL Violation
- Reported Date: 2018-July-10
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15881
Description
Inadequate checks regarding disabled fields can lead to an ACL violation.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.11
Joomla 3.8.12 Bugfixes
- Remove debug from calendar field as it breaks saving to the DB PR-staging
- Tab not slider Language Change PR-staging
- Work on indexer PR-staging
- Merge Script Options recursive PR-staging
- [com_tags] All Tags default layout PR-staging
- Don’t show module chromes of disabled templates PR-staging
- Allow filtering by archived in Redirect Manager PR-staging
- Use the fixed menu item for open search url PR-staging
- [Fix] Batch menu items: Translate the menu item title when client is administrator PR-staging
- Cleanup batch copy of items PR-staging
- Fix validation messages in reverse order on installation PR-staging
- [com_content] Tags not shown in some cases PR-staging
- Set option by mime type, not by mode name PR-staging
- Stick permissions tab on scroll PR-staging
- Build a not on windows group for test PR-staging Unit/System Tests
- Repair the update of database schema changes on postgreSQL PR-staging
- Fix errors exposed by strict and also improve js PR-staging
- Escaping float value should be non-locale aware PR-staging Unit/System Tests
- Fix unit tests for PostgreSQL 10 PR-staging Unit/System Tests
- Fix minicolor initialization in subforms. etc. PR-staging
- Exclude components in discover state from list (Replaces #12469) PR-staging
- [com_content] Redundant access check PR-staging
- [mod_articles_latest/news] Featured articles not shown PR-staging
- Added security scan tool to CI setup
Source: https://www.joomla.org/announcements/release-news/5743-joomla-3-8-12-release.html