(Apr 16) Updated java-1.6.0-openjdk packages that fix various security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More…]
Archive for April, 2014
WordPress 3.9 “Smith”
Version 3.9 of WordPress, named “Smith” in honor of jazz organist Jimmy Smith, is available for download or update in your WordPress dashboard. This release features a number of refinements that we hope you’ll love. A smoother media editing experience Improved visual editing The updated visual editor has improved speed, accessibility, and mobile support. You can paste into the […]
(Apr 12) Security Report Summary
(Apr 14) Several security issues were fixed in curl.
(Apr 15) Python Imaging Library could be made to overwrite or expose files.
(Apr 15) Security Report Summary
As the results of CloudFlare’s challenge have demonstrated, a server’s private key can be extracted using the Heartbleed vulnerability. Consequently, the 500,000+ certificates used on web servers supporting TLS heartbeat should be urgently replaced and revoked. Whilst the replacement and revocation process has begun — 80,000 certificates have been revoked since the announcement — it […]
The second release candidate for WordPress 3.9 is now available for testing. If you haven’t tested 3.9 yet, you’re running out of time! We made about five dozen changes since the first release candidate, and those changes are all helpfully summarized in our weekly post on the development blog. Probably the biggest fixes are to live […]
(Apr 14) Security Report Summary
(Apr 13) Security Report Summary
(Apr 14) Net-SNMP could be made to crash if it received specially crafted network traffic.
(Apr 9) Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having [More…]
(Apr 9) Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More…]
WordPress 3.8.3 is now available to fix a small but unfortunate bug in the WordPress 3.8.2 security release. The “Quick Draft” tool on the dashboard screen was broken in the 3.8.2 update. If you tried to use it, your draft would disappear and it wouldn’t save. While we doubt anyone was writing a novella using […]
Only 30,000 of the 500,000+ SSL certificates affected by the Heartbleed bug have been reissued up until today, and even fewer certificates have been revoked. There has been a noticeable rise in certificate re-issuance since 7 April 2014. Some of the first sites to deploy newly issued certificates in response to the OpenSSL vulnerability included Yahoo, Adobe, […]
cPanel Security Team: Heartbleed Vulnerability. Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows an attacker to read 64 kilobyte chunks of memory from servers and clients that connect using SSL through a flaw in OpenSSL’s implementation of the heartbeat extension. What does this …
The following issue was resolved:
[-] Integration with Key Administrator Partner Central did not work in Plesk 11.5. (PPPM-1552)
The Joomla! Project is pleased to announce the availability of Joomla! 3.3 Beta 2. Community members are asked to download and install the package in order to provide quality assurance for the forthcoming 3.3 release, which is scheduled for release on or around April 22nd, 2014.
A big thank you goes out to everyone that contributed to the 3.3 release! Joomla! 3.3 will be our most stable release ever. Right now we’re at about 320 commits since 3.2.3’s release with 41 different people contributing to those commits (not including testers and other non-coding activities). Best of all is that the new features are awesome!
The 3.x release series is the latest major release of the Joomla! CMS, with 3.3 the fourth standard-term support release in this series. Please note that going from 3.2 to 3.3 is a one-click upgrade and is NOT a migration. The same is true for any subsequent versions in the 3.x series. That being said, please do not upgrade any of your production sites to the beta version as beta is ONLY intended for testing and there is no upgrade path from Beta.
Multiple Parallels products are potentially affected by the ‘Heartbleed Bug’ because they are based or installed on operating systems impacted by the OpenSSL CVE-2014-0160 vulnerabilities.
The OpenSSL group has published a solution at http://heartbleed.com/.
Additionally, please review and take action outlined in these Knowledgebase articles:
- For Parallels Automation: http://kb.parallels.com/en/120984
- For Parallels Business Automation Standard: http://kb.parallels.com/en/120986
- For Parallels Plesk Panel: http://kb.parallels.com/en/120990
- For Virtualization products: http://kb.parallels.com/en/120989
================================================================
Yesterday a new vulnerability was announced in OpenSSL 1.0.1 that allows an attacker to reveal up to 64kb of memory to a connected server. Parallels is working to assess any product specific issues as a result of this OpenSSL vulnerability. We encourage everyone running a server that uses OpenSSL to upgrade to version 1.0.1g to be protected. For previous versions of OpenSSL, re-compiling with the OPENSSL_NO_HEARTBEATS flag enabled will protect against this vulnerability. We will provide any product-specific updates as they become available.
(Apr 8) Security Report Summary
(Apr 7) A malicious server could bypass OpenSSH SSHFP DNS record checking.
(Apr 9) An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical [More…]
The following component was updated:
[+] Upgrade phpMyAdmin to version 4.1.12
The following issues were resolved:
[-] (Linux) Mail list creation failed if qmail is used after Microupdate #38 (PPPM-1542)
[-] (Windows) Panel sends notifications even if updates were not installed (PPPM-837)
[-] (Linux) phpMyAdmin redirects browser to https://:8443/ after changing settings
(Apr 8) Security Report Summary
(Apr 7) Security Report Summary
(Apr 7) OpenSSL could be made to expose sensitive information over the network, possibly including private keys.
(Apr 7) USN-2124-1 introduced a regression in OpenJDK 6.
(Apr 7) Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
As teased earlier, the first release candidate for WordPress 3.9 is now available for testing! We hope to ship WordPress 3.9 next week, but we need your help to get there. If you haven’t tested 3.9 yet, there’s no time like the present. (Please, not on a production site, unless you’re adventurous.) To test WordPress 3.9 […]