Category Archives: Security Update


Revive Adserver 3.0.3 Released

Revive Adserver 3.0.3 was released today. The new version includes a number of bug fixes and some new features, including “support for WebM videos in the IAB Video plugin”.

The new version also removes the Zend XML-RPC library. The version of the library that shipped with OpenX and prior versions of Revive Adserver contained a security vulnerability. The vulnerability was not exploitable in Revive Adserver, but could have been exploitable if a plugin used the library. We would like to thank the Revive Adserver team for dealing with this security issue after we reported it to them, unlike OpenX, whom we contacted in July of 2012 to alert them to the vulnerability but from whom we never received any response.

More information is available in the release notice.

Posted in Revive Adserver, Security Update

MediaWiki 1.19.13, 1.21.7, and 1.22.4 Released

MediaWiki 1.19.13, 1.21.7, and 1.22.4 were released yesterday. MediaWiki 1.19.13 fixes a security issue and all the new versions include a bug fix.

More information is available in the release announcement for 1.19.13, 1.21.7, and 1.22.4.

Posted in MediaWiki, Security Update

Moodle 2.4.9, 2.5.5, and 2.6.2 Released

Moodle 2.4.9, 2.5.5, and 2.6.2 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.

Update (March 17, 2014): Moodle has now released information on the security issues fixed in the releases. The new versions fix three serious vulnerabilities, two that could lead to improper access and one that could allow “students to see pages of other students’ individual wikis”.

More information is available in the release notes for 2.4.9, 2.5.5, and 2.6.2.

Posted in Moodle, Security Update

Joomla 2.5.19 and 3.2.3 Released

Joomla 2.5.19 and 3.2.3 were released today. The new versions fix a number of bugs and fix several security issues. The security fixes include a high priority SQL injection vulnerability fixed in 3.2.3 and a medium priority unauthorized login vulnerability fixed in both versions.

More information is available in the release announcements for 2.5.19 and 3.2.3.

Posted in Joomla, Security Update

MediaWiki 1.19.12, 1.21.6, and 1.22.3 Released

MediaWiki 1.19.12, 1.21.6, and 1.22.3 were released yesterday. The new versions fix several security issues, including blocking the uploading of some potentially malicious files. MediaWiki 1.22.3 also fixes several bugs.

More information is available in the release announcement for 1.19.12, 1.21.6, and 1.22.3.

Posted in MediaWiki, Security Update

MediaWiki 1.19.11, 1.21.5, and 1.22.2 Released

MediaWiki 1.19.11, 1.21.5, and 1.22.2 were released yesterday. The new versions fix remote code execution vulnerabilities that were exploitable if you have “enabled file upload support for DjVu (natively supported by MediaWiki) or PDF files (in combination with the PdfHandler extension)”. MediaWiki 1.22.2 also fixes a couple of bugs.

More information is available in the release announcement for 1.19.11, 1.21.5, and 1.22.2.

Posted in MediaWiki, Security Update

MediaWiki 1.19.10, 1.21.4, and 1.22.1 Released

MediaWiki 1.19.10, 1.21.4, and 1.22.1 were released last Tuesday. MediaWiki 1.21.1 fixes several bugs. The new versions also fix security issues that could lead to cross-site scripting (XSS) and sanitization being bypassed.

More information is available in the release announcement for 1.19.10, 1.21.4, and 1.22.1.

Posted in MediaWiki, Security Update

Drupal 6.30 and 7.26 Released

Drupal 6.30 and 7.26 were released on Wednesday. The new versions fix a vulnerability that could allow user impersonation through the OpenID module. Drupal 7.26 also fixes a bug that could allow users to see unpublished content they do not have permission to see, and provides an additional security check that custom and contributed code can take advantage of.

More information is available in the release notes for 6.30 and 7.26.

Posted in Drupal, Security Update

Moodle 2.3.11, 2.4.8, 2.5.4, and 2.6.1 Released

Moodle 2.3.11, 2.4.8, 2.5.4, and 2.6.1 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.

Update (January 21, 2014): Moodle has now released information on the security issues fixed in the releases. The new versions fixed two cross-site request forgery (CSRF) vulnerabilities, a vulnerability that allowed some users to log in as other users, and a bug in all but 2.3.x that sometimes would cause passwords to be recorded in plain text.

More information is available in the release notes for 2.3.11, 2.4.8, 2.5.4, and 2.6.1.

Posted in Moodle, Security Update

Revive Adserver 3.0.2 Released

Revive Adserver 3.0.2 was released today. The new version fixes a vulnerability in older versions, including its precursor OpenX, that could allow an attacker backend access to the ad server through a SQL injection.

More information is available in the release notice.

Posted in Revive Adserver, Security Update