Alert - GCSA-11054 - Application vulnerability table
******************************************************************
Alert ID : GCSA-11054
Date : 11 July 2011
Title : Vulnerability table for the most common Web applications
******************************************************************
Below is a table of the vulnerabilities found in the most common
frameworks used in web applications; links to further details are in
the "References" sections.
:: PHP
PHP 5.3.6 fix:
Enforce security in the fastcgi protocol parsing with fpm SAPI.
Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
Fixed bug #54055 (buffer overrun with high values for precision ini
setting).
Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty
archive). (CVE-2011-0421)
:: References
PHP:
http://www.php.net/archive/2011.php#id2011-03-17-1
Secunia:
http://secunia.com/advisories/43328/
http://secunia.com/advisories/43744/
SecurityFocus:
http://www.securityfocus.com/bid/46786
http://www.securityfocus.com/bid/46365
http://www.securityfocus.com/bid/46354
http://www.securityfocus.com/bid/46786
http://www.securityfocus.com/bid/46843
http://www.securityfocus.com/bid/46968
http://www.securityfocus.com/bid/46977
http://www.securityfocus.com/bid/46970
http://www.securityfocus.com/bid/46969
http://www.securityfocus.com/bid/46975
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1471
::::::::::::::::::
PHP 5.3.5
Fixed bug #53632 (PHP hangs on numeric value
2.2250738585072011e-308). (CVE-2010-4645)
:: References
PHP:
http://bugs.php.net/bug.php?id=53632
SecurityFocus:
http://www.securityfocus.com/bid/45668
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
:::::::::::::::::::
PHP 5.3.4
Fixed crash in zip extract method (possible CWE-170).
Paths with NULL in them (foo\0bar.txt) are now considered as invalid
(CVE-2006-7243).
Fixed a possible double free in imap extension (Identified by
Mateusz Kocielski). (CVE-2010-4150).
Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709).
Fixed possible flaw in open_basedir (CVE-2010-3436).
Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
Fixed symbolic resolution support when the target is a DFS share.
Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL
with large amount of data) (CVE-2010-3710).
:: References
PHP:
http://www.php.net/ChangeLog-5.php#5.3.4
Secunia:
http://secunia.com/advisories/41724/
SecurityFocus:
http://www.securityfocus.com/bid/44951
http://www.securityfocus.com/bid/44723
http://www.securityfocus.com/bid/44718
http://www.securityfocus.com/bid/43926
http://www.securityfocus.com/bid/44605
http://www.securityfocus.com/bid/44980
http://www.securityfocus.com/bid/45119
http://www.securityfocus.com/bid/45954
http://www.securityfocus.com/bid/45952
http://www.securityfocus.com/bid/45338
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4698
:::::::::::::::::
PHP 5.3.3:
Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
Fixed a possible resource destruction issue in shm_put_var().
Fixed a possible information leak because of interruption of XOR
operator.
Fixed a possible memory corruption because of unexpected call-time
pass by reference and following memory clobbering through callbacks.
Fixed a possible memory corruption in ArrayObject::uasort().
Fixed a possible memory corruption in parse_str().
Fixed a possible memory corruption in pack().
Fixed a possible memory corruption in substr_replace().
Fixed a possible memory corruption in addcslashes().
Fixed a possible stack exhaustion inside fnmatch().
Fixed a possible dechunking filter buffer overflow.
Fixed a possible arbitrary memory access inside sqlite extension.
Fixed string format validation inside phar extension.
Fixed handling of session variable serialization on certain prefix
characters.
Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288).
Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
Fixed possible buffer overflows in mysqlnd_list_fields,
mysqlnd_change_user.
Fixed possible buffer overflows when handling error packets in mysqlnd.
:: References
PHP:
http://www.php.net/ChangeLog-5.php#5.3.3
Secunia:
http://secunia.com/advisories/40268/
SecurityFocus:
http://www.securityfocus.com/bid/40948
http://www.securityfocus.com/bid/41991
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2531
::::::::::::::::::
PHP 5.3.2:
Improved LCG entropy. (Rasmus, Samy Kamkar)
Fixed safe_mode validation inside tempnam() when the directory path
does not end with a /. (Martin Jansen)
Fixed a possible open_basedir/safe_mode bypass in the session
extension identified by Grzegorz Stachowiak. (Ilia)
:: References
PHP:
http://www.php.net/ChangeLog-5.php#5.3.2
====================================================
:: phpBB
3.0.3:
Account Re-activation Security Bypass CVE-2008-6506 CVE-2008-6507
3.0.4:
Forum ID Security Bypass Security Issue CVE-2010-1630
up to 3.0.7:
Feed Permissions Security Issue CVE-2010-1627
3.0.7PL1:
Flash BBCode Script Insertion Vulnerability CVE-2011-0544
:: References
phpBB:
http://www.phpbb.com/support/documents.php?mode=changelog&version=3
Secunia:
http://secunia.com/advisories/33166/
http://secunia.com/advisories/38264/
http://secunia.com/advisories/38837/
http://secunia.com/advisories/42343/
SecurityFocus:
http://www.securityfocus.com/bid/32842
http://www.securityfocus.com/bid/40323
Mitre CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0544
===========================================================
:: Joomla!
1.5.23:
Low Priority - Core - Information Disclosure Vulnerability.
:: References
Joomla!:
http://www.joomla.org/announcements/release-news/5367-joomla-1523-released.html
::::::::::
1.6.2:
Low Priority - Core - Information Disclosure.
Low Priority - Core - Information Disclosure.
Low Priority - Core - XSS Vulnerabilities.
Medium Priority - Core - XSS Vulnerabilities.
Medium Priority - Core - XSS Vulnerabilities.
Medium Priority - Core - Unauthorised Access.
Medium Priority - Core - SQL Injection.
Medium Priority - Core - Clickjacking.
:: References
Joomla!:
http://www.joomla.org/announcements/release-news/5368-joomla-162-released.html
Secunia:
http://secunia.com/advisories/44203/
SecurityFocus:
http://www.securityfocus.com/bid/47387
:::::::::::::::::::
1.6.3:
none
:::::::::::::::::::
1.6.4:
Medium Priority - Core - XSS Vulnerabilities.
Low Priority - Core - Information Disclosure.
Medium Priority - Core - Unauthorised Access.
Medium Priority - Core - XSS Vulnerabilities.
:: References
Joomla!:
http://www.joomla.org/announcements/release-news/5374-joomla-164-released.html
http://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities
http://developer.joomla.org/security/news/351-20110602-information-disclosure
http://developer.joomla.org/security/news/350-20110603-unauthorised-access
http://developer.joomla.org/security/news/352-20110604-xss-vulnerability
Secunia:
http://secunia.com/advisories/45094/
SecurityFocus:
http://www.securityfocus.com/bid/48475
=======================================================
:: WordPress
3.0.2:
Fix moderate security issue where a malicious Author-level user
could gain further access to the site.
:: References
WordPress:
http://codex.wordpress.org/Version_3.0.2
::::::::
3.0.3:
Fixes issues in the XML-RPC remote publishing interface which under
certain circumstances allowed Author- and Contributor-level users to
improperly edit, publish or delete posts.
:: References
WordPress:
http://codex.wordpress.org/Version_3.0.3
:::::::::
3.0.4:
Fix XSS vulnerabilities in the KSES library: Don't be case sensitive
to attribute names. Handle padded entities when checking for bad
protocols. Normalize entities before checking for bad protocols in
esc_url().
3.0.5:
Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and
offer additional sanitization to various fields. Affects users of the
Author or Contributor role.
Fix XSS bug: Preserve tag escaping in the tags meta box. Affects
users of the Author or Contributor role.
Fix potential information disclosure of posts through the media
uploader. Affects users of the Author role.
Enhancement: Force HTML filtering on comment text in the admin
Enhancement: Harden check_admin_referer() when called without
arguments, which plugins should avoid.
Update the license to GPLv2 (or later) and update copyright
information for the KSES library.
:: References
WordPress:
http://codex.wordpress.org/Version_3.0.4
:::::::::::
3.0.6:
Fix a vulnerability that allowed Contributor-level users to
improperly publish posts
:: References
WordPress:
http://codex.wordpress.org/Version_3.0.6
:::::::::::
3.1.1:
Security hardening to media uploads
Prevent potential PHP crashes caused by complex hyperlinks
Correct minor XSS flaw on database upgrade screens
Fixed 26 security tickets.
:: References
WordPress:
http://codex.wordpress.org/Version_3.1.1
http://wordpress.org/news/2011/04/wordpress-3-1-1/
Secunia:
http://secunia.com/advisories/44038/
:::::::::::::
3.1.2:
Fix a vulnerability that allowed Contributor-level users to
improperly publish posts.
Fix user queries ordered by post count.
Fix multiple tag queries.
Prevent over-escaping of post titles when using Quick Edit for pages.
:: References
WordPress:
http://codex.wordpress.org/Version_3.1.2
Secunia:
http://secunia.com/advisories/44372/
::::::::::::::::
3.1.3:
Various security hardening by Alexander Concha.
Taxonomy query hardening by John Lamansky.
Prevent sniffing out user names of non-authors by using canonical
redirects. Props Verónica Valeros.
Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of
Microsoft, and Microsoft Vulnerability Research.
Improves file upload security on hosts with dangerous security settings.
Cleans up old WordPress import files if the import does not finish.
Introduce "clickjacking" protection in modern browsers on admin and
login pages.
:: References
WordPress:
http://wordpress.org/news/2011/05/wordpress-3-1-3/
Secunia:
http://secunia.com/advisories/44409/
:::::::::::::::
3.1.4:
From the Announcement blog: "This release fixes an issue that could
allow a malicious Editor-level user to gain further access to the site.
Thanks K. Gudinavicius of SEC Consult for bringing this to our
attention. Version 3.1.4 also incorporates several other security fixes
and hardening measures thanks to the work of WordPress developers
Alexander Concha and Jon Cave of our security team."
:: References
WordPress:
http://wordpress.org/news/2011/06/wordpress-3-1-4/
Secunia:
http://secunia.com/advisories/45099/