Browse > Home / Archive by category 'Security Releases'

Security Release - Joomla! 1.0.14

February 11, 2008

With Joomla’s release of their new version (1.5.1) patch today, they have also released a security patch for their 1.0.13 product.  Anyone on Joomla 1.0.13 or earlier should upgrade to the latest version release to avoid any problems.

Joomla security release 1.0.14 addresses some serious security vulnerabilities.  As with most of their upgrades, they recommend that you test on a backup copy of your site and then upgrade your live site as soon as your testing is completed.

Security Fixes

  • SECURITY [LOW]  Fixed XSS issue in Search Component.
  • SECURITY [LOW]  Fixed XSS issue in Search results pages.
  • SECURITY [LOW]  Disallowed users from adding extra wildcard filters in search strings.
  • SECURITY [LOW]  Fixed multiple typos in back end Content Component making array integer check ineffective.
  • SECURITY [LOW]  Fixed case-sensitive flaw in Input Filter.
  • SECURITY [HIGH]  Fixed CSRF issue allowing portal compromise - Administrator components.

Other Significant Fixes
 

  • Administrator logout problem.
  • Fixed bug in Search Component where small word were not properly filtered out.
  • Improved efficiency of regular expressions in Search Component (thus reducing CPU resources when called).
  • Added “Preview” link to Administrator template (to match 1.5).
  • Fixed bug in pagination links (extra space was being added to the link).
  • Various core API fixes.

For detailed release information, patch files, and upgrade instructions, please visit Joomla’s website.

Save to -> del.icio.us | Reddit | Digg | Technorati | StumbleUpon

Filed Under Security Releases · Leave a Comment  

Wordpress 2.3.3 Urgent Security Release

February 5, 2008

For those users running a previous version of Wordpress, please be aware that Wordpress has released an important security fix which will bring your current release level to 2.3.3.

This security release will correct a flaw for those sites that have registration enabled.  A flaw was found in the XML-RPC implementation such that a specially crafted request could allow the hacker to modify users posts.

Also, if you are using the WP-Forum plug-in, an exploit was found in that module as well.

Please visit Wordpress to learn more about these exploits and download the XML-RPC patch or new Wordpress 2.3.3 release level.

Save to -> del.icio.us | Reddit | Digg | Technorati | StumbleUpon

Filed Under Blogging, Security Releases · 1 Comment