Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2012.0140 Cross-site scripting vulnerability fixed in Joomla 3.0.1 15 October 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Joomla Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade Member content until: Wednesday, November 14 2012 OVERVIEW Joomla 3.0.1 has been released. IMPACT A cross-site scripting vulnerability has been fixed in the latest release of Joomla. The following information is from the vendor's website: "Typographical error leads to XSS vulnerability in language search component." [1] MITIGATION All users should update to the latest version. [2] REFERENCES [1] [20121001] - Core - XSS Vulnerability http://developer.joomla.org/security/news/541-20121001-core-xss-vulnerability [2] JOOMLA 3.0.1 RELEASED http://www.joomla.org/announcements/release-news/5468-joomla-3-0-1-released.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUHtrz+4yVqjM2NGpAQJ2AA//a2YEdclmZSPCKD6pSC/UpwLsZix4X+fN 5j01LBsuZ27kGipv4XPHb9K+IRjhYh7CEmGGfFR/U38GXbT+8kQ6U8lwdlbf7yeJ 1Cnxf2HKEJE1XtqXk6ZZJ2PwZhFDopluLIyJ+tmrOFfcT8IRw6kKZ6r6CNhNfNos QTZWEUHb+xt1AyFCJ4eHhtRvAcaPaagFYbp8tRGVz0L9JglDEwJjG7I5sxwIz6dO JkZDqBHDe2mBxiH7jAbRQV6Ogd0ILg+WhHzcYTIhSfcO9hywLGwBCtTzLdGQnrbk plpyHAAgSPhH/b8K7svrgs5zTvjBixlxZI7wot0U6FpbjYg6Hohn1QTeKWmZ0jDw Kk3hTlQsP2BvTPkOqmQ9aVwlH6Kk9ZFyObzEknEVlJVkqiXyLwCQcAhmNQsA/ICt ezdvkWuiOxVWYpkiXdoeMVADJ/+3+huaNgosnXupRp1f4ddTi5k87jVT8UxP/IhX CXy+Jnx/+uRl71JCJV8fKOJ9kKS6IV8O6xEpi6u/aSsxSBfseN33wFAA7xKNr9IH lSudv/izZg56wcM4UEcQGAqmk2viVpJbxs7XUo3Fi1Ue9tziSkVNg5Pw1g5d5pHC e1MLe4DSeQTDhh70U+G6OLBeCkhR0kaNBunVAMn/e42/u8rr6e4b0iyWEYR8NnPv VJYp8JbMDo4= =6U3B -----END PGP SIGNATURE-----