Alert GCSA-20076 - Security update for Joomla!
******************************************************************
alert ID: GCSA-20076
date: 26 August 2020
title: Security update for Joomla!
******************************************************************
:: Problem description
A new version of the Joomla! CMS has been released that fixes
three security vulnerabilities of medium-low impact.
The update also includes twenty bug fixes and improvements.
[20200801] - Core - XSS in mod_latestactions
[20200802] - Core - Open redirect in com_content vote feature
[20200803] - Core - Directory traversal in com_media
More details are available in the official advisory
listed in the "References" section.
:: Affected software
Joomla! CMS versions prior to 3.9.21
:: Impact
Cross Site Scripting (XSS)
https://cwe.mitre.org/data/definitions/79.html
Open Redirect
https://cwe.mitre.org/data/definitions/601.html
Directory Traversal
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/23.html
https://cwe.mitre.org/data/definitions/73.html
:: Solutions
Update Joomla!
https://downloads.joomla.org/cms/joomla3/3-9-21
Joomla! update instructions
https://docs.joomla.org/J3.x:Updating_from_an_existing_version/it
:: References
Joomla! Release News
https://www.joomla.org/announcements/release-news/5821-joomla-3-9-21.html
Joomla! security update available
https://www.joomla.it/notizie/rilasci-joomla/9065-disponibile-aggiornamento-sicurezza-joomla-3-9-21.html
Joomla! Security Announcements
https://developer.joomla.org/security-centre/824-20200801-core-xss-in-mod-latestactions.html
https://developer.joomla.org/security-centre/825-20200802-core-open-redirect-in-com-content-vote-feature.html
https://developer.joomla.org/security-centre/827-20200803-core-directory-traversal-in-com-media.html
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24597
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert