040 Hosting Blog » Security

Easy to miss joomla patch 1.5.20 is here.

patrick — Tue, 20 Jul 2010 07:03:41 +0000

Soon after 1.5.19 a new joomla patch was brought out a few days later version 1.5.20; due to the short timespan between, some may have missed this update.

The Joomla Project announces the immediate availability of Joomla 1.5.20 [senu takaa]. This is a security release that addresses issues with the Joomla 1.5.19 packages. We recommend users upgrade immediately.

Link to joomla site.

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

Easy to miss joomla patch 1.5.20 is here.

Joomla Security Update 1.5.19 released

patrick — Fri, 16 Jul 2010 12:53:50 +0000

* [20100704] – Core – XSS Vulnerabillitis in Back End
* [20100703] – Core – XSS Vulnerabillitis in Back End
* [20100702] – Core – XSS Vulnerabillitis in Back End
* [20100701] – Core – SQL Injection / Internal Path Exposure

More information can be found on the Joomla website.

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

Joomla Security Update 1.5.19 released

Joomla: XSS Injection patch upgrade to 1.5.18 or later

patrick — Sat, 29 May 2010 12:45:11 +0000

[20100501] – Core – XSS Vulnerabilities in Back End

Posted: 27 May 2010 05:00 PM PDT

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.17 and all previous 1.5 releases
Exploit type: XSS Injection
Reported Date: 2010-May-13
Fixed Date: 2010-May-28

Description

Back-end user can inject javascript in various administrator screens.

Affected Installs

All 1.5.x installs prior to and including 1.5.17 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.18 or later)

Reported by Riyaz Ahemed

Contact

The JSST at the Joomla! Security Center.

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

Joomla: XSS Injection patch upgrade to 1.5.18 or later

Joomla 1.5.17 released

patrick — Thu, 29 Apr 2010 17:59:43 +0000

The Joomla Project announces the immediate availability of Joomla 1.5.17 [Wojmamni ama woobusani]. This is a priority release to correct two issues in version 1.5.16. Although there are no security issues fixed in this release, we consider it a security release because a security-related bug has been fixed and because many sites may be upgraded directly from 1.5.15 to 1.5.17.

The Development Working Group’s goal is to continue to provide regular, frequent updates to the Joomla community.

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

Joomla 1.5.17 released

Joomla 1.5.16 security update released

patrick — Sat, 24 Apr 2010 15:36:53 +0000

The Joomla team just released Joomla 1.5.16 security update, the following patches have been included:

[20100423] – Core – Negative Values for Limit and Offset
[20100423] – Core – Installer Migration Script
[20100423] – Core – Sessation Fixationy
[20100423] – Core – Password Reset Token

Make sure you install these updates as soon as possible to keep your installation as up to date as possible.

If you are one of our SAAS users you have already been updated and do no to take any action on the report.

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

Joomla 1.5.16 security update released

Joomla Vulnerable Extensions List

patrick — Sat, 19 Dec 2009 17:57:53 +0000

Joomla publishes information about modules they are aware of are vulnerable, this list is updated monthly and a good resource to check from time to time to see if you are using any of the vulnerable modules. You will find the vulnerable extensions list here.

Vulnerable Extensions List

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

Joomla Vulnerable Extensions List

040 Hosting Upgraded to cPanel 11.25(Release)

patrick — Thu, 17 Dec 2009 09:06:41 +0000

cPanel 11.25 has been released; some of the new Features are:

Security

Safeguarding your account — and your peace of mind — are important to us. That’s why new security features are added to cPanel/WHM 11.25. The security token system helps prevent cross-site request forgery (XSRF) attacks by appending URLs with a session token. cPanel also changed the way cPanel handles blank referer checks, to make them more accurate. If a page is sent inside an existing session with a blank referer, it will trigger an XSRF prevention page.

Improved IMAP Support for Mobile Devices

Version 11.25 provides a number of enhancements that improve access to mobile devices. For example, cPanel/WHM will use cookie instead of HTTP authentication with compatible devices, which will reduce the number of authentication requests by up to 50% in many cases.

Refined User Interfaces

cPanel users will benefit from a quick-loading cPanel home page, as well as improvements to the Email Accounts interface. This screen has been streamlined, making it easier to use and faster than ever before.

11.25 also includes a simpler, faster password validation system that unifies client and server password strength ratings, for greater consistency and reliability.

Simple / Advanced DNS Zone Editor

As from 11.25 you will find a Simple DNS Zone Editor in your control-panel; if you like to have full access to your DNS Zone setup; you can request access to the Advanced DNS Zone Editor, however your are also free to ask our support team for help and configuring your DNS; this feature is only for the professional which needs some more control of its domains.

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

040 Hosting Upgraded to cPanel 11.25(Release)

Ksplice Uptrack used by 040Hosting

patrick — Thu, 10 Dec 2009 09:20:25 +0000

040 Hosting uses Ksplice Uptrack to keep their servers up to date with the latest kernel updates; by utilizing Ksplice Uptrack services our Shared, Semi-Dedicated and Reseller services do not need to be rebooted at each kernel update; but will be using this new technology to give our users the most uptime and the least inconvience possible while keeping our servers as much up to date as possible. Read more.

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

Ksplice Uptrack used by 040Hosting

GoogleDNS is coming but you told us to use OpenDNS

patrick — Fri, 04 Dec 2009 14:55:41 +0000

Yes we did indeed, several times we posted about OpenDNS on our blog; and recommended them to several of our users; and we still do. We believe that what OpenDNS does to DNS it a honest and great service. They have shown to their users they DO listen to their customer base and they did prove they deliver a professional platform.

I would advise to read David’s comments on the new google service; your may find his article here.

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

GoogleDNS is coming but you told us to use OpenDNS

Bug in latest Linux gives untrusted users root access

patrick — Wed, 04 Nov 2009 15:44:03 +0000

A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn’t properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.

Read the complete article at The Register. New kernels are available for Redhat and CentOS (obviously), and likely others who may be affected.

At the moment of publishing all main servers have been updated and others are scheduled for tonight.
Note: this article was placed on the 4th of november 2009

Post from: 040 Hosting Blog. The blog from 040 Hosting, a leading web hosting partner.

Bug in latest Linux gives untrusted users root access