Re: Joomla! Security News 2012-06-19

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/19/2012 06:41 AM, Henri Salo wrote:
> Two issues without CVEs again. Could I get those assigned, thanks.
>
> 1. 20120601 - Core - Privilege Escalation

Please use CVE-2012-2747 Joomla!
470-20120601-core-privilege-escalation.html

> 2. 20120602 - Core - Information Disclosure

Please use CVE-2012-2748 Joomla!
471-20120602-core-information-disclosure.html

> - Henri Salo ps. forwarded email from Joomla below
>
> ----- Forwarded message from Joomla! Developer Network - Security
> News <no_reply () joomla org> -----
>
> Subject: Joomla! Security News From: Joomla! Developer Network -
> Security News <no_reply () joomla org> To: henri () nerv fi
>
> Joomla! Developer Network - Security News
>
> /////////////////////////////////////////// [20120601] - Core -
> Privilege Escalation
>
> Posted: 19 Jun 2012 12:21 AM PDT 
> http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/I2o1kbJKIVQ/470-20120601-core-privilege-escalation.html?utm_source=feedburner&utm_medium=email
>
>
>
> Project: Joomla! SubProject: All Severity: Medium High Versions:
> 2.5.4 and all earlier 2.5.x versions Exploit type: Privilege
> Escalation Reported Date: 2012-April-29 Fixed Date: 2012-June-18
>
> Description
>
> Inadequate checking leads to possible user privilege escalation. 
> Affected Installs
>
> Joomla! versions 2.5.4 and all earlier 2.5.x versions Solution
>
> Upgrade to version 2.5.5
>
> Reported by Nils Rückmann Contact
>
> The JSST at the Joomla! Security Center.
>
>
>
> /////////////////////////////////////////// [20120602] - Core -
> Information Disclosure
>
> Posted: 19 Jun 2012 12:21 AM PDT 
> http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/K71HzujRDDs/471-20120602-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
>
>
>
> Project: Joomla! SubProject: All Severity: Low Versions: 2.5.4 and
> all earlier 2.5.x versions Exploit type: Information Disclosure 
> Reported Date: 2012-May-1 Fixed Date: 2012-June-18
>
> Description
>
> Inadequate filtering leads SQL error and information disclosure. 
> Affected Installs
>
> Joomla! versions 2.5.4 and all earlier 2.5.x versions Solution
>
> Upgrade to version 2.5.5
>
> Reported by Jakub Galczyk Contact
>
> The JSST at the Joomla! Security Center.
>
>
>
> -- You are subscribed to email updates from "Joomla! Developer
> Network - Security News." To stop receiving these emails, you may
> unsubscribe now:
> http://feedburner.google.com/fb/a/mailunsubscribe?k=JWlBXz9w0F12fWtPu46jwc9_Jcc
>
>  Email delivery powered by Google. Google Inc., 20 West Kinzie,
> Chicago IL USA 60610
>
>
> ----- End forwarded message -----


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP4LbuAAoJEBYNRVNeJnmT15IP/irWl/iCDsPz/O9kycKQUZ/r
B7FAOeyW7BLdbnw2OczUXRyI8NFXSNeS2DfoiN4DpWaTXh8TZRaW7Iu3BnW/ftNk
ph0a7N/1Gn7ICTkBOeMDBAGtfBt8Bae5mp3phecsReSv793szGT1tCIMg92j0qTa
WumqvPB4IA/xk+6Wxa+Unkxl6zwBPnptFXMwfngrD6WozNOiO/fkW9LQ1vmIMMp2
2jX+ndqrs6ZCJc1qGvagRdXZLedNiAv3IQGSFEbHXPdkJUG9tNWQNYJ9IVf0Ym01
BjbXdqOqYpDM1kTVxHxxxgHEJEcavJfAE06PoWM6E+Klsc7DI3KZu4d+0+VVs8Qd
HOTRVWArEwYrtKz+EyZHpxJshIUtRExN/Hjxs/N6XxS9ZhW1wtgb8xgFa0p0l/+I
6k2TudK9hWpknvS5ALHwUQ9VaL75nqrsiQnX1aBOGsSTY1Qqs229nT/HNuVTO6Fu
+yncv+5HVeRey5ZNpqCVBivBv6InSae2p75Qk4GwN2IL0zqjAIBijh1T8UBu9e6B
GVMf8Jhlh9i8sJZED9jsN0/prnUbEeZ9nS7h6uXWeUQJYH+JlDTUX+XIehv7uDiI
kjZM6lGqOZmOgLfpqWyHDEV/Old+fWOS2acmiyC1/fIafQnNDOMXbQOSaS2d+8CZ
R53RQpSS0iFAzm9iIBbQ
=ZPxp
-----END PGP SIGNATURE-----