In association with heise online

15 November 2011, 12:25

Joomla! updates close security holes


The Joomla! open source CMS has been updated after an error was found in the random number generation used when resetting passwords; an attacker could exploit it to change a user's password. The 1.5.x, 1.6.x and 1.7.x versions are affected. Joomla! 1.5.25 and 1.7.3 have been released to address the issue, which the developers describe as "high-risk". Another security issue in version 1.7.x, involving inadequate filtering of an unspecified field that could be used for cross-site scripting (XSS) attacks, has also been addressed.

Versions of the 1.5.x and 1.7.x branches up to and including 1.5.24 and 1.7.2 are affected, as is the entire 1.6.x branch. The update also addresses more than 70 non-security-related bugs. All users are advised to upgrade. More details about the updates can be found in the 1.5.25 and 1.7.3 release announcements, as well as the Joomla! security advisories. Joomla! 1.5.25 and 1.7.3 are available to download from the project's site. Joomla! is licensed under the GPL and is sponsored by Open Source Matters, Inc., a non-profit organisation.
