Alert GCSA-20019 - Security update for Joomla!
******************************************************************
Alert ID: GCSA-20019
Date: 11 March 2020
Title: Security update for Joomla!
******************************************************************
:: Problem description
A new version of the Joomla! CMS has been released
that fixes 6 security vulnerabilities
and includes more than 20 bug fixes and improvements.
[20200301] - Core - CSRF in com_templates image actions
[20200302] - Core - XSS in Protostar and Beez3
[20200303] - Core - Incorrect Access Control in com_templates
[20200304] - Core - Identifier collisions in com_users
[20200305] - Core - Incorrect Access Control in com_fields SQL field
[20200306] - Core - SQL injection in Featured Articles menu parameters
More details are available in the official
advisory listed in the "References" section.
:: Affected software
Joomla! CMS versions prior to 3.9.16
:: Impact
SQL injection
Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
Improper Access Control
:: Solutions
Update Joomla! to version 3.9.16
https://downloads.joomla.org/cms/joomla3/3-9-16
Joomla! update instructions
https://docs.joomla.org/J3.x:Updating_from_an_existing_version/it
:: References
Joomla! 3.9.16 Release
https://www.joomla.org/announcements/release-news/5783-joomla-3-9-16.html
Joomla! security update available
https://www.joomla.it/notizie/rilasci-joomla/9054-disponibile-aggiornamento-sicurezza-joomla-3-9-16.html
Joomla! Security Announcements
https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions.html
https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3.html
https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates.html
https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users.html
https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field.html
https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters.html
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10243
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert