Ubuntu: 1917-1: Linux kernel vulnerability
(Jul 29) The system could be made to crash or run programs as an administrator.
(Jul 29) The system could be made to crash or run programs as an administrator.
(Jul 30) The system could be made to crash or run programs as an administrator.
(Jul 30) An updated sos package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More…]
(Jul 30) An updated haproxy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
The following issue has been fixed:
[-] Security improvements.*
Important: Regular updates of Parallels Plesk Panel and third-party components guarantee that your server stays secure against malicious attacks.
* We would like to thank Rack911.com for their help in investigating a number of security issues.
(Jul 29) Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. [More…]
(Jul 29) The system could be made to crash or run programs as an administrator.
(Jul 29) The system could be made to crash or run programs as an administrator.
(Jul 29) Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system. [More…]
(Jul 27) Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause the named daemon to terminate with an assertion failure while rejecting the malformed query. [More…]
(Jul 28) OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: [More…]
(Jul 29) Bind could be made to crash if it received specially crafted network traffic.
[*] Now the mail service works on domains suspended through the Panel GUI.
Before | Now |
When a user suspended a domain in the Control Panel, the mail service stopped working. Hence, the owners of mail accounts on this domain could not send and receive emails. | When a user suspends a domain in the Control Panel, the mail service keeps working. Additionally, the user has an option to disable the domain. In this case, the mail service will be stopped as well. |
The following issues have been fixed:
[-] Customers were able to select the Mailbox option on the mail account creation page even if they already reached the limit on mailboxes in the corresponding subscription. (126052)
[-] (Linux only) After upgrading from Panel 11.0.9 to Panel 11.5, Panel did not report errors if it failed to convert mail accounts with mixed-case names to lowercase. (139484)
[-] Security improvements. (139537)
[-] (Linux only) Administrators could not restart nginx and PHP-FPM after changing the system user name of the owner of a website that uses PHP-FPM. (140075)
[-] (Linux only) On the transfer pre-check page, Panel did not inform administrators about potential problems that could occur when Mailman was installed on the source server and was not installed on the destination server. (120244)
[-] (Linux only) The plesk utility did not accept arguments in quotes. (140201)
[-] (Linux only) Panel firewall incorrectly blocked most of outgoing connections. (139010, 139011, 139012)
[-] (Linux only) The warning message on the Forgot your password page was unreadable in the Russian locale. (81562)
[-] Event handlers for the event Subdomain of a default domain created did not work if they were configured to run the subdomain utility. (122382)
[-] (Linux only) The help page for the admin command-line utility did not inform administrators that certain options work only in custom view. (139922)
[-] (Windows only) Customers saw the error 0x800710D8 if they had a subscription that contained a large number of domains (more than 200). (110658)
[-] (Windows only) Panel did not update license keys automatically. (92983)
[-] (Windows only) Panel failed to restore mailboxes with passwords that did not meet the server security requirements. (138318)
[-] (Windows only) The web_statistics_executor.exe utility did not generate statistics for individual domains. (140166)
(Jul 25) Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. [More…]
(Jul 25) A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow. [More…]
(Jul 25) Several security issues were fixed in MySQL.
The Joomla Project is pleased to announce the immediate availability of Joomla 3.1.4. This is a maintenance release with no security fixes. The Production Leadership Team’s goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.
The update process is very simple, and complete instructions are available here. Note that there are now easier and better ways of updating than copying the files with FTP.
Note: Please read the instructions below.
*Please be sure to clear your browser’s cache after upgrading.
Want to test drive Joomla? Try the online demo or the Joomla JumpBox. Documentation is available for beginners.
Please note that you should always back up your site before upgrading.
Check the Joomla 3.1.4 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
See http://developer.joomla.org/version-3-1-4-release-notes.html for details of the tracker items fixed.
Joomla 3.0 to 3.1 is a one-click upgrade with backward compatibility and is NOT a migration. The same is true for any subsequent versions in the Joomla 3 series. Thus, if you’re running a Joomla 3.0 site, please one-click upgrade, within the Joomla! Update component, to Joomla 3.1 to get the new features and the latest bug fixes.
Moving to Joomla 3.x from Joomla 2.5 will be a mini-migration not an upgrade, although for the core of Joomla! the migration should be simple. However, it is likely that templates for Joomla 2.5 will need modification to work with Joomla 3 as will many extensions. Always test prior to migrating and consult with the developers of any extensions and templates you use.
Version 2.5 of the Joomla! CMS is a Long Term Support release and support for it will continue until shortly after the release of Joomla 3.5 scheduled for Spring 2014. Joomla 2.5 users do not need to migrate to Joomla 3.1.
Support for Joomla 1.5 ended in April of 2012 and we continued to support it unofficially until the end of 2012 for medium to high priority security issues.
Does that mean your 1.5 site will suddenly stop working? No, your site will continue to work as it always has. However, Joomla’s developers will not be releasing new versions for Joomla 1.5, so you won’t be getting bug fixes or security fixes. For this reason, it’s recommended to migrate from 1.5.
Moving from 2.5 to any Joomla 3 version is relatively simple, since Joomla has made the process easy for newer versions. Unfortunately, moving from 1.5 is not a trivial task. Fortunately, there are two good extensions that make the process easier: jUpgrade and SPUpgrade.
You have a choice of going straight to Joomla 3.1 or going to 2.5 first. Both jUpgrade and SPUpgrade have versions ready for both versions. Please consult their documentation on how to migrate from Joomla 1.5 to 3.1/2.5.
For most new/migrated sites, the Joomla! 3 series is the preferred series and starting on it avoids a mini-migration from Joomla 2.5 later down the road. Starting on the Joomla 3 series for a new/migrated site also provides you with longer backward-compatible support (with one-click upgrades) than starting a new site on 2.5 right now, because support for 3.x ends in 2016.
Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla, please report it on the Joomla! CMS Issue Tracker.
Active members of the Joomla Bug Squad during the past 3 months include: Achal Aggarwal, Adelene Teh, Aleksander Linkov, Angelika Reisiger, Anibal Sanchez, Anja Hage, Artur Alves, Ashan Fernando, Beat, Brian Teeman, Chad Windnagle, Constantin Romankiewicz, Daniel Kanchev, David Hurley, Dennis Hermacki, Dimitar Genchev, Duong Nguyen, Edwin Cheront, Elin Waring, George Wilson, Gunjan Patel, Hans Kuijpers, Hervé Boinnard, Hugh Messenger, Janich Rasmussen, Jason Rey, Jérôme GLATIGNY, Jean-Marie Simonet, Jern Wei Tan, Jerri Christiansen, Jozsef Tamas Herczeg, Khai Vu Dinh, klas 10, landor landor, Lao Neo, Lara Petersen, Le Van Thuyet, Loc Le Minh, Lu Nguyen, Marc Antoine Thevenet, Marijke Stuivenberg, Mario Proenca, Mark Dexter, Mark Lee, Matias Aguirre, Michael Babker, Mihail Irintchev, Mike Biolsi, Mike Veeckmans, Nha Bui, Nicholas Dionysopoulos, Nick Savov, Nik Faris Akmal, Ofer Cohen, Olaf Offick, Patrick Alt, Peter Martin, Peter van Westen, Peter Wiseman, Piotr Konieczny, Radek Suski, Richard McDaniel, Rob de Cleen, Robert Deutz, Robert Gastaud, Roberto Segura, Roland Dalmulder, Ronni Christiansen, Sam Teh, Sander Potjer, Sandra Thevenet, Sebastian Łuckoś, Sergio Iglesias, Seth Warburton, Shafiq Mazlan, Stefania Gaianigo, Thomas Hunziker, Tino Brackebusch, TJ Baker, Tobias Zulauf, tompap tompap, Troy Hall, Tu Diep The, Valentin Despa, Victor Drover, Viliam Kubis, Yiliang Yang.
Bug Squad Leadership: Mark Dexter and Nick Savov, Co-Coordinators. Super-star contributors and leaders by example: David Hurley, Jean-Marie Simonet, Brian Teeman, Elin Waring, Marc Antoine Thevenet, Michael Babker, and Roberto Segura.
A big thanks to the Joomla! Security Strike Team for their ongoing work to keep Joomla secure. Members include: Airton Torres, Alan Langford, Beat, Bill Richardson, Brian Teeman, David Hurley, Don Gilbert, Elin Waring, Gary Brooks, Jason Kendall, Jean-Marie Simonet, Marijke Stuivenberg, Mark Boos, Mark Dexter, Matias Griese, Michael Babker, Nick Savov, Pushapraj Sharma, Rouven Weßling.
There are a variety of ways in which you can get actively involved with Joomla! It doesn’t matter if you are a coder, an integrator, or merely a user of Joomla!. You can contact the Joomla! Community Development Manager, David Hurley, to get more information, or if you are ready you can jump right into the Joomla! Bug Squad.
The Joomla Bug Squad is one of the most active teams in the Joomla development process and is always looking for people (not just developers) that can help with sorting bug reports, coding patches and testing solutions. It’s a great way for increasing your working knowledge of Joomla, and also a great way to meet new people from all around the world.
If you are interested, please read about us on the Joomla Wiki and, if you wish to join, email Mark Dexter, one of the Bug Squad co-coordinators.
You can also help Joomla development by thanking those involved in the many areas of the process. The project also wants to thank all of the people who have taken the time to prepare and submit work to be included in Joomla 1.6, 1.7, 2.5, 3.0, and 3.1, and to those who have worked very hard on the Joomla Framework.
The Joomla Project is pleased to announce the immediate availability of Joomla 2.5.13. This is a maintenance release with no security fixes. The Production Leadership Team’s goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.
The update process is very simple, and complete instructions are available here. Note that there are now easier and better ways of updating than copying the files with FTP.
Note: Please read the update instructions before updating.
*Please clear your browser’s cache after upgrading.
Want to test drive Joomla? Try the online demo or the Joomla JumpBox. Documentation is available for beginners.
Check the Joomla 2.5.13 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
See http://developer.joomla.org/version-2-5-13-release-notes.html for details of the tracker items fixed.
SUMMARY The Apache HTTPD Server Project has released httpd-2.2.25 and httpd-2.4.6 to correct multiple vulnerabilities that were issued CVEs. Apache HTTP Server 2.2.25 CVE-2013-1896 mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to …
(Jul 23) Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0 (Grizzly). The Red Hat Security Response Team has rated this update as having moderate [More…]
The second release candidate for WordPress 3.6 is now available for download and testing. We’re down to only a few remaining issues, and the final release should be available in a matter of days. In RC2, we’ve tightened up some aspects of revisions, autosave, and the media player, and fixed some bugs that were spotted […]
(Jul 23) Several security issues were fixed in OpenJDK 6.
(Jul 22) Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
(Jul 22) An updated virtio-win package that fixes one security issue is now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having [More…]
SUMMARY Mod_Security was found to have a Remote Null Pointer Dereference vulnerability that could cause it to crash. SECURITY RATING The cPanel Security Team has rated this update as having moderate security impact. Information on security ratings is available at: http://go.cpanel.net/securitylevels. DETAIL CVE-2013-2765 states: “When forceRequestBodyVariable action is triggered and …
(Jul 18) Two security issues have been found in the Tomcat servlet and JSP engine: CVE-2012-3544 [More…]
(Jul 18) Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2853 [More…]
(Jul 15) Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]
(Jul 16) Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having [More…]
(Jul 16) File Roller could be made to create or overwrite files.