Nytro Posted September 30, 2014 Report Posted September 30, 2014 Joomla! 3.3.5 Released – Fixing High Priority Security Issues By Daniel Cid on September 30, 2014The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching high priority security issues. The first one is an Remote File Include (RFI) vulnerability and the second one is a Denial of Service (DoS) vulnerability that affect all previous versions. If you are using Joomla, stop what you are doing and update it now! The good news for our clients and what’s very exciting for us, me especially, is to see how the virtual hardening on our CloudProxy Website firewall protected our clients automatically against this vulnerability. As our researchers started to analyze the disclosure, we quickly noticed that it was already covered and the URL used to trigger this bug was already blocked by default. It means that our clients got zero-day protection without anyone even knowing about this issue. For more information on these vulnerabilities, you can get straight from the Joomla! release notes: High Priority – Core – Remote File Inclusion: Project: Joomla!SubProject: CMSSeverity: ModerateVersions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4Exploit type: Remote File InclusionReported Date: 2014-September-24Fixed Date: 2014-September-30CVE Number: CVE-2014-7228 Inadequate checking allowed the potential for remote files to be executed. This issue was discovered by Johannes Dahse and disclosed to Akeeba (and Joomla). The Akeeba team released a good post explaining the issue. We recommend reading if you are interested in the technical details. Medium Priority – Core – Denial of Service: Project: Joomla!SubProject: CMSSeverity: LowVersions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4Exploit type: Denial of ServiceReported Date: 2014-September-24Fixed Date: 2014-September-30CVE Number: CVE-2014-7229 Inadequate checking allowed the potential for a denial of service attack. Again, if you are using the Joomla! we highly recommend updating immediately. Sursa: Joomla! 3.3.5 Released – Fixing High Priority Security Issues | Sucuri Blog Quote
