Re: Fwd Joomla! Security News 2012-01

[Kurt Seifried <kseifried () redhat com>]

Well no-one spoke up so I'm assuming no CVE's have been issued for these
issues yet.

> > ///////////////////////////////////////////
> > [20120101] - Core - Information Disclosure
> >
> > Posted: 23 Jan 2012 01:45 AM PST
> > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/MYKnZ2QJKYE/382-20120101-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
>
>
> http://developer.joomla.org/security/news/382-20120101-core-information-disclosure.html
>
> Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 and all
> earlier 1.7 and 1.6 versions Exploit type: Information Disclosure
> Reported Date: 2012-January-07 Fixed Date: 2012-January-24 Description
> Inadequate filtering leads to information disclosure. Affected Installs
> Joomla! version 1.7.3 and all earlier versions Solution Upgrade to
> version 1.7.4 or 2.5.0 or higher Reported by Cyrille Barthelemy Contact
> The JSST at the Joomla! Security Center.

Please use CVE-2011-4933 for this issue
(382-20120101-core-information-disclosure.html)


> > ///////////////////////////////////////////
> > [20120102] - Core - XSS Vulnerability
> >
> > Posted: 23 Jan 2012 01:45 AM PST
> > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/XAEsWEG3dgU/383-20120102-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email
>
>
> developer.joomla.org/security/news/383-20120102-core-xss-vulnerability.html
>
> Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 and
> all earlier 1.7 and 1.6 versions Exploit type: XSS Vulnerability
> Reported Date: 2011-November-16 Fixed Date: 2012-January-24 Description
> Inadequate filtering leads to XSS vulnerability. Affected Installs
> Joomla! version 1.7.3 and all earlier versions Solution Upgrade to
> version 1.7.4 or 2.5.0 or higher Reported by Ankita Kapadia Contact The
> JSST at the Joomla! Security Center.

Please use CVE-2011-4934 for this issue
(383-20120102-core-xss-vulnerability.html)

> > ///////////////////////////////////////////
> > [20120103] - Core - Information Disclosure
> >
> > Posted: 23 Jan 2012 01:45 AM PST
> > http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/Ed0TMAvyQ4g/384-20120103-core-information-disclosure.html?utm_source=feedburner&utm_medium=email
>
> http://developer.joomla.org/security/news/384-20120103-core-information-disclosure.html
>
> Project: Joomla! SubProject: All Severity: Low Versions: 1.7.3 and all
> earlier 1.7 and 1.6 versions Exploit type: Information Disclosure
> Reported Date: 2011-December-19 Fixed Date: 2012-January-24 Description
> Inadequate filtering leads to information disclosure. Affected Installs
> Joomla! version 1.7.3 and all earlier versions Solution Upgrade to
> version 1.7.4 or 2.5.0 or higher Reported by Jean-Marie Simonet Contact
> The JSST at the Joomla! Security Center.

Please use CVE-2011-4935 for this issue
(384-20120103-core-information-disclosure.html)

> > ///////////////////////////////////////////
> > [20120104] - Core - XSS Vulnerability
> >
> > Posted: 23 Jan 2012 01:45 AM PST
> > c
>
>
>
> http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability.html
>
> Project: Joomla! SubProject: All Severity: Moderate Versions: 1.7.3 and
> all earlier versions Exploit type: XSS Vulnerability Reported Date:
> 2012-January-22 Fixed Date: 2012-January-24 Description Inadequate
> filtering leads to XSS vulnerability. Affected Installs Joomla! version
> 1.7.3 and all earlier 1.7 and 1.6 versions Solution Upgrade to version
> 1.7.4 or 2.5.0 or higher Reported by David Jardin Contact The JSST at
> the Joomla! Security Center.

Please use CVE-2011-4936 for this issue
(385-20120104-core-xss-vulnerability.html)

-- 
Kurt Seifried Red Hat Security Response Team (SRT)