Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0094 Joomla! 3.7.3 is now available. This is a security release for the 3.x series of Joomla! 7 July 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Joomla Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Access Confidential Data -- Existing Account Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-9933 CVE-2017-9934 CVE-2017-7985 Member content until: Sunday, August 6 2017 OVERVIEW A security release for the 3.x series of Joomla! that fixes security vulnerabilities affecting versions prior and including 3.7.2. [1] IMPACT The vendor has provided the following information: "CVE-2017-9933 [20170701] - Core - Information Disclosure Affected Installs: Joomla! CMS versions 1.7.3-3.7.2" [2] "CVE-2017-9934 [20170702] - Core - XSS Vulnerability Affected Installs: Joomla! CMS versions 1.7.3-3.7.2" [3] "CVE-2017-7985 [20170703] - Core - XSS Vulnerability Affected Installs: Joomla! CMS versions 1.5.0-3.7.2" [4] MITIGATION The vendor recommends updating to the latest version of Joomla! to correct these issues. [1] "Upgrade to version 3.7.3" [2][3][4] REFERENCES [1] Joomla! 3.7.3 Release https://www.joomla.org/announcements/release-news/5709-joomla-3-7-3-release.html [2] [20170701] - Core - Information Disclosure https://developer.joomla.org/security-centre/696-20170601-core-information-disclosure [3] [20170702] - Core - XSS Vulnerability https://developer.joomla.org/security-centre/697-20170602-core-xss-vulnerability [4] [20170703] - Core - XSS Vulnerability https://developer.joomla.org/security-centre/698-20170603-core-xss-vulnerability.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWV8TkIx+lLeg9Ub1AQgGag//TjUNuqNqPx08oi1LR+Jl5S6zo1h5skfX a82bcAJOmI+kZGADyR4R/bkgVZf+V33r6ez9WKLjKfJsCZFaU4eifUAYvGiMlEN7 brS/oO/lZtSS3EgVKGIS6jfhSiUboF3e88ScFPQiww6altEzjRdh3Aiz31t+qphY 8DxHMlQ8/UxCe9pYpDvFH3JbeTd76ANwrFXJUQY5IfhIgoI6qRHqbgyVKu4stCru cjIqkG9cL8/zgyYmD0UR4Hf50FmeTUNO7lUz06IZIHagv+ihuRQNWjCUZM31HGlG 98+GYPreU46nGiRYPwKsqU6gj/ICM5Jzx1ZivNw3w34/baTsUjjWS0T3/SEH820R QQipaeV1Mlzxiq6Cmp7vEp2JleyR5azha6GAk0csVLYwClGgtpneX3GOEJkiLx3Z O13vMPngGaPkwUeSxjYyv2cmOMdp0/yy/r3oOVjr5FoJJcgkTbVtp69XI1EU7z5e u1cPFIekv0fvGkn0yZtjA4Ek8lZgttk/SHrykc4IOtWCXt8O3ck7+JH2pRJZVXhP EHtzXWaxmH4PVx9Vz76Snk54HaSQuP6wCzMXEULqWVmUwN4lwwDQTWnafLHpX1IY vKaIQB3QG3F5FjVpeZHrwFOgUbI9uGP8bl5/yxmHB8fufdtxw0G/bHemVUirepK/ XS09Thl+avc= =YWxU -----END PGP SIGNATURE-----