A Joomla upgrade can be performed directly in the Joomla administrative backend. For users with multiple sites, we recommend updating all your sites from Watchful.li — a centralized site manager for Joomla.
Joomla 3.3.6 and 3.2.7 Security Releases now available
Joomla 3.3.6 and 3.2.7 Security Updates have been released.
Joomla 3.3.5 and 3.2.6 were retracted and the same tracker and security issues notes in that release are included in this release.
If you have already installed 3.3.5 or 3.2.6 the Joomla Updater will not work this one time to update the site. You can use Method B of the upgrade instructions found in the Joomla WIKI to update. Note that Watchful subscribers are not affected by the updater bug and may use their Watchful.li dashboard to upgrade as usual.
This is a security release adressing 1 High Priority -  - Core - Remote File Inclusion and - 1 Medium Priority -  - Core - Denial of Service vulnerability as well as resolves 9 tracker issues.
IMPORTANT NOTE: Joomla 3.3.0 and higher requires PHP 5.3.10 for server that have yet to be updated the Joomla 3.2.7 bridge release that includes the patches for the 2 vulnerabilities is also available which can be used with PHP versions 5.3.1 through 5.3.9. It is highly recommended that servers are update to the latest version of PHP 5.3 for best performance, security and compatibility (current release is PHP 5.3.29). Note that older releases will be prompted to update to Joomla 3.2.4 before upgrading to Joomla 3.3.4
This is a security and maitenenance release.
Full details can be found in the official 3.3.6 release announcement at joomla.org.