===========================================================================
AUSCERT Security Bulletin

ASB-2017.0191
Security Announcements
9 November 2017

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Joomla!
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-16633
Member content until: Saturday, December 9 2017

OVERVIEW

A vulnerability has been identified in Joomla! in versions 3.7.0
through 3.8.1. [1]

IMPACT

The vendor has provided the following information:

"[20171103] - Core - Information Disclosure

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.7.0 through 3.8.1
Exploit type: Information Disclosure
Reported Date: 2017-May-17
Fixed Date: 2017-November-07
CVE Number: CVE-2017-16633

Description

A logic bug in com_fields exposed read-only information about a
site's custom fields to unauthorized users." [1]

MITIGATION

The vendor recommends updating to the latest version of Joomla! to
correct these issues. [1]

REFERENCES

[1] Security Announcements
    https://developer.joomla.org/security-centre/715-20171103-core-information-disclosure.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================