Alert GCSA-18042 - Security update for Joomla!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-18042
Date: 24 May 2018
Title: Security update for Joomla!
******************************************************************
:: Problem description
A new version of the Joomla! CMS has been released
that fixes several security vulnerabilities.
Further details are available in the official
advisory listed in the "References" section.
:: Affected software
Joomla! versions 1.5.0 through 3.8.7
:: Impact
User access via network
Arbitrary code execution via network
Disclosure of authentication, user and system information
Modification of user and system information
:: Solutions
Update Joomla! to version 3.8.8
https://downloads.joomla.org/
:: References
Joomla! Security Announcements
https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html
https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html
https://developer.joomla.org/security-centre/735-20180507-core-session-deletion-race-condition.html
https://developer.joomla.org/security-centre/734-20180506-core-filter-field-in-com-fields-allows-remote-code-execution.html
https://developer.joomla.org/security-centre/733-20180505-core-xss-vulnerabilities-additional-hardening.html
https://developer.joomla.org/security-centre/732-20180504-core-installer-leaks-plain-text-password-to-local-user.html
https://developer.joomla.org/security-centre/731-20180503-core-information-disclosure-about-unpublished-tags.html
https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html
https://developer.joomla.org/security-centre/729-20180501-core-acl-violation-in-access-levels.html
Security Tracker
https://securitytracker.com/id/1040966
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6378
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFbBoT+wZxMk2USYEIRAiRGAJ9f61MfT021i5b7H07atmxaXsM5MACffuyH
7jl2g+cckOuWfPvVxVZ80lI=
=v+N4
-----END PGP SIGNATURE-----