Joomla! 1.5.7 has been released

14 posts / 0 new
Last post
#1 Wed, 09/10/2008 - 14:04
sgrayban

Joomla! 1.5.7 has been released

Joomla! 1.5.7 has been released over at www.Joomla.org

Joomla 1.5.7 addresses several SECURITY issues reported and is now fixed in Joomla 1.5.7

If you are running any other Joomla 1.5.x version you MUST UPGRADE to Joomla 1.5.7 or your site can and probably will be compromised, or used as a spam engine!

See bug http://www.virtualmin.com/bugs/index.php?do=details&task_id=4555

Sun, 09/21/2008 - 13:47
larryish

Two of my sites got owned and both were defaced, one had a malicious javascript added to the template index. Fortunately the Joomla passwords were not the same as the server passwords.

Wiped both Joomla installs, installed 1.5.6 and patched to 1.5.7, all good so far.

Guess I should thank the invaders for merely defacing the sites, they could have been clever instead and turned the scripts to their advantages by installing some custom modules. Something like that could go unnoticed for a long time.

On a side note, I have noticed some unusual requests in Awstats 404 section relating to Joomla, and quite a few referrers coming from Google "Powered by Joomla".

People are going nuts with whatever new exploit is out. If you use Joomla you should patch yourself with the quickness.

Sun, 09/21/2008 - 14:28 (Reply to #2)
Joe
Joe's picture

We rolled out 3.61-2 with Joomla 1.5.7 (and the Wordpress security update) several days ago. In this case, there's need to manually patch--just stay on top of updates via the Virtualmin Package Updates module.

--

Check out the forum guidelines!

Thu, 09/11/2008 - 05:49
ronald
ronald's picture

this is very important, because this morning at 04.29 local time apparently someone had changed my admin password and blocked the login for the second admin.

I upgraded and replaced the database with yesterdays backup.
All is well now and no further damage has been done past 12 hours.

there is a critical bug (0-day) in the older versions

Sat, 09/13/2008 - 15:44 (Reply to #4)
jflesher

Today is tomorrow I know how it goes; I checked for updates; still show 3.61(pro) didn't show -1?

Can you make a link available for the Joomla 1.5.7?

Thanks; you guys Rock!

Jeff

Jeffrey Scott Flesher
Medically Retired Gulf War Vet

Mon, 09/15/2008 - 03:21 (Reply to #5)
ronnikc
ronnikc's picture

Is 3.61-2 on the way?

(And ps. VM2 now that i write here anyways)

redHOST.dk | redHOST.pro | redHOST.vn | redHOST.se

Mon, 09/15/2008 - 05:21 (Reply to #6)
ronald
ronald's picture

the patch for joomla or full dl cab be obtained here:
http://www.joomla.org/announcements/release-news/5212-joomla-157-securit...

this can't wait really as a blackhat guy had gained entrance to one of my domains.

Mon, 09/15/2008 - 08:41 (Reply to #7)
sgrayban

If you read my bug report you will find a answer.....

http://www.virtualmin.com/bugs/index.php?do=details&task_id=4555

I usually don't post them for funzies.

Sun, 06/07/2009 - 07:29 (Reply to #8)
jflesher

Sorry I didn't read the posted link; now I understand; yes it worked great; Thanks.

Just for others;
Edit your joomla.pl

/usr/share/webmin/virtual-server/scripts/joomla.pl
or like mine
/usr/libexec/webmin/virtual-server/scripts/joomla.pl

Line 22:
return ( "1.5.7", "1.0.15" );

Line 142:
"http://joomlacode.org/gf/download/frsrelease/8376/30992/Joomla_$ver-Stable-Full_Package.tar.gz" } );

I guess we don't need to ask for an update; we can just edit it ourself if we need too.

Jeff

Jeffrey Scott Flesher
Medically Retired Gulf War Vet

Sun, 06/07/2009 - 07:29 (Reply to #9)
jflesher

Sorry I didn't read the posted link; now I understand; yes it worked great; Thanks.

Just for others;
Edit your joomla.pl

/usr/share/webmin/virtual-server/scripts/joomla.pl
or like mine
/usr/libexec/webmin/virtual-server/scripts/joomla.pl

Line 22:
return ( "1.5.7", "1.0.15" );

Line 142:
"http://joomlacode.org/gf/download/frsrelease/8376/30992/Joomla_$ver-Stable-Full_Package.tar.gz" } );

I guess we don't need to ask for an update; we can just edit it ourself if we need too.

Jeff

Jeffrey Scott Flesher
Medically Retired Gulf War Vet

Thu, 09/11/2008 - 10:30
Joe
Joe's picture

We'll roll out a 3.61-2 update today with this fix (and the Wordpress security update, as well).

--

Check out the forum guidelines!

Mon, 09/15/2008 - 11:25
jflesher

If we upgrade using the Joomla patch VM will not show the update; my question is; when it becomes available and if we apply it so VM is right; will it work right. I'm just not sure about patching if manually at this point; but I can't wait for someone to hack my sites either.

Jeffrey Scott Flesher
Medically Retired Gulf War Vet

Mon, 09/15/2008 - 11:38 (Reply to #12)
sgrayban

VM *WILL* show the update -- seriously people I will not lead you astray here. Just do it and stop complaining about this.

Mon, 09/15/2008 - 12:24
sgrayban

Links are there for a reason when I post them :) It cuts down on repeating exactly what you did.

Topic locked