Joomla! 2.5 Security Update Fixes Vulnerabilities
The Joomla! project has released version 2.5.3 of its open source content management system (CMS). This is a security update that addresses two “High Priority” vulnerabilities.
The first of these is caused by an unspecified programming error which could have allowed a malicious user to gain escalated privileges. The other hole is an error in random number generation when resetting passwords that could be exploited by an attacker to change a user’s password.
Versions 2.5.0 to 2.5.2 as well as all 1.7.x and 1.6.x releases are affected. The developers advise all users to upgrade to 2.5.3 to fix these problems. More details about the update can be found in the official release announcement and in the security advisories. Joomla! 2.5.3 is available to download from the project’s site and is licensed under the GPL.
Complete details here: http://www.h-online.com/security/news/item/Joomla-2-5-update-fixes-security-vulnerabilities-1476632.html
Microsoft Patches SSL BEAST; But warns of more!
In the first Patch Tuesday of 2012, Microsoft fixes an old issue and warns about a new security bypass risk.
Microsoft is kicking off its 2012 Patch Tuesday release cycle with seven security bulletins. Among the items patched is an SSL issue that has been known publicly since at least September 2011.
The January Patch Tuesday update provides a fix for the SSL BEAST attack (an acronym for Browser Exploit Against SSL/TLS). The BEAST exploit takes advantage of a weakness in TLS 1.0 to decrypt encrypted HTTPS requests.
Read More: http://tinyurl.com/MS-BEAST
Bypass Security Risk; Windows Kernel: http://technet.microsoft.com/en-us/security/bulletin/ms12-001
Severity Rating: Important
Revision Note: V1.0 (January 10, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
Adobe Releases Updates for Adobe Reader and Acrobat
Adobe has released a Security Advisory for Adobe Reader and Acrobat to address a vulnerability affecting the following software versions:
* Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh
* Adobe Reader (9.4.6) and earlier 9.x versions for Unix
Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition or take control of the affected system.
Adobe also states that using Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit for this vulnerability.
http://www.us-cert.gov/current/index.html#adobe_releases_updates_for_adobe1