plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist. (CVSS:5.0) (Last Update:2013-03-06)
CVE-2013-1454
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to “Coding errors.” (CVSS:5.0) (Last Update:2013-03-26)
CVE-2013-1455
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an “Undefined variable.” (CVSS:5.0) (Last Update:2013-02-13)
New WatchGuard XTM Models Ride the Wave of Enterprise UTM Adoption
New Models Introduce Scalable Performance, Increased Security and Unparalleled Manageability
Oracle Java SE Critical Patch Update Advisory – February 2013
WordPress 3.5.1 Maintenance and Security Release
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include:
- Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
- Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
- Networks: Suggest proper rewrite rules when creating a new network.
- Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
- Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
- Suppress some warnings that could occur when a plugin misused the database or user APIs.
Additionally, a bug affecting Windows servers running IIS can prevent updating from 3.5 to 3.5.1. If you receive the error “Destination directory for file streaming does not exist or is not writable,” you will need to follow the steps outlined on the Codex.
WordPress 3.5.1 also addresses the following security issues:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
Download 3.5.1 or visit Dashboard → Updates in your site admin to update now.
CVE-2012-6096
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. (CVSS:7.5) (Last Update:2013-06-04)
CVE-2013-0400 (sunos)
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.
CVE-2013-0399 (sunos)
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.
SA-CORE-2013-001 – Drupal core – Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-CORE-2013-001
- Project: Drupal core
- Version: 6.x, 7.x
- Date: 2013-January-16
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting, Access bypass
Description
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.
Cross-site scripting (Various core and contributed modules – Drupal 6 and 7)
A reflected cross-site scripting vulnerability (XSS) was identified in certain Drupal JavaScript functions that pass unexpected user input into jQuery causing it to insert HTML into the page when the intended behavior is to select DOM elements. Multiple core and contributed modules are affected by this issue.
jQuery versions 1.6.3 and higher provide protection against common forms of this problem; thus, the vulnerability is mitigated if your site has upgraded to a recent version of jQuery. However, the versions of jQuery that are shipped with Drupal 6 and Drupal 7 core do not contain this protection.
Although the fix added to Drupal as part of this security release prevents the most common forms of this issue in the same way as newer versions of jQuery do, developers should be aware that passing untrusted user input directly to jQuery functions such as jQuery() and $() is unsafe and should be avoided.
CVE: CVE-2013-0244 (a CVE was also separately issued for jQuery)
Access bypass (Book module printer friendly version – Drupal 6 and 7)
A vulnerability was identified that exposes the title or, in some cases, the content of nodes that the user should not have access to.
This vulnerability is mitigated by the fact that the bypass is only accessible to users who already have the ‘access printer-friendly version’ permission (which is not granted to Anonymous or Authenticated users by default) and it only affects nodes that are part of a book outline.
CVE: CVE-2013-0245
Access bypass (Image module – Drupal 7)
Drupal core provides the ability to have private files, including images. A vulnerability was identified in which derivative images (which Drupal automatically creates from these images based on “image styles” and which may differ, for example, in size or saturation) did not always receive the same protection. Under some circumstances, this would allow users to access image derivatives for images they should not be able to view.
This vulnerability is mitigated by the fact that it only affects sites which use the Image module and which store images in a private file system.
CVE: CVE-2013-0246
CVE identifier(s) issued
- CVE-2013-0244
- CVE-2013-0245
- CVE-2013-0246
Versions affected
- Drupal core 6.x versions prior to 6.28.
- Drupal core 7.x versions prior to 7.19.
Solution
Install the latest version:
- If you use Drupal 6.x, upgrade to Drupal core 6.28.
- If you use Drupal 7.x, upgrade to Drupal core 7.19.
Also see the Drupal core project page.
Reported by
- The cross-site scripting issue in various Drupal core and contributed modules was reported by t.ashula, and by David Rothstein of the Drupal Security Team.
- The access bypass issue in the Book module was reported by Mark Lindsey.
- The access bypass issue in the Drupal 7 Image module was reported by Kressin Roger, Christian Johansson, Anders Olsson and saschadrupal.
Fixed by
- The cross-site scripting issue in various Drupal core and contributed modules was fixed by t.ashula, Théodore Biadala, Katherine Bailey, Steve De Jonghe and J. Renée Beach, and by Dylan Tack, Greg Knaddison, David Rothstein and Damien Tournoud of the Drupal Security Team.
- The access bypass issue in the Book module was fixed by Mark Lindsey, and by Fox, David Rothstein and Peter Wolanin of the Drupal Security Team.
- The access bypass issue in the Drupal 7 Image module was fixed by Heine Deelstra of the Drupal Security Team, and by Anders Olsson.
Coordinated by
- David Rothstein, Gábor Hojtsy, Stéphane Corlosquet, Greg Knaddison, Heine Deelstra and Peter Wolanin of the Drupal Security Team
- Jeremy Thorson of the QA/Testing Infrastructure Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Drupal version: