We don't normally write blog posts about security updates for Joomla but on this occasion we feel it's important to make people aware of a critical security vulnerability in all versions of Joomla 1.5, 2.5 and 3.4.
An update was released by the Joomla project team on 21/12/2015 which fixes the security vulnerability in all versions of Joomla 1.5, 2.5 and 3.4.
The update resolves the following issues
- High Priority - Core - Remote Code Execution (affecting Joomla 1.5 through 3.4.5) More information
- Low Priority - Core - CRSF Hardening (affecting Joomla 3.2.0 through 3.4.5) More information.
- Low Priority - Core - Directory Traversal (affecting Joomla 3.2.0 through 3.4.5) More information.
- Low Priority - Core - Directory Traversal (affecting Joomla 3.4.0 through 3.4.5) More information
You can read the official announcements by visiting
- https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html
- https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html
Where can i find the Update for Joomla 2.5?
The development team has been kind enough to release a patch for Joomla 2.5 to, they don’t have to as 2.5 reached end of life in december 2014 but they have so thank you to the community for releasing a patch for 2.5 so quickly.
You can find out more by visiting https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
Updating 2.5 is pretty simple you just need to complete the following steps.
- download the updated security patch by visiting https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
- Open your FTP software
- Browse to the following directory \libraries\joomla\session\
- Update the session.php file
Before updating your website we recommend you read the following blog post which you may find useful http://www.energizethemes.com/blog/joomla/things-to-do-before-updating-joomla.html
We hope you find this blog post useful and we recommend after reading this post you update your website straight away.