Security Centre
///////////////////////////////////////////
[20150602] – Core – CSRF Protection
Posted: 03 Jul 2015 02:10 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/rnWVOQvQFXo/618-20150602-core-remote-code-execution.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.2.0 through 3.4.1
Exploit type: CSRF Protection
Reported Date: 2015-April-06
Fixed Date: 2015-June-30
CVE Number: tbd
Description
Lack of CSRF checks potentially enabled uploading malicious code.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Center.
Reported By: Eric Flokstra
///////////////////////////////////////////
[20150601] – Core – Open Redirect
Posted: 03 Jul 2015 02:04 PM PDT
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/5Ml2wA_edLI/617-20150601-core-open-redirect.html?utm_source=feedburner&utm_medium=email
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.0.0 through 3.4.1
Exploit type: Open Redirect
Reported Date: 2015-June-01
Fixed Date: 2015-June-30
CVE Number: tbd
Description
Inadequate checking of the return value allowed redirecting to an external page.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Center.
Reported By: Sharath Unni and Steven Sweeting