(Jan 19) Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457 CVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through rebase to 3.2.0
Archive for January, 2019
(Jan 19) Security fix for CVE-2018-20455 CVE-2018-20456 CVE-2018-20457 CVE-2018-20458 CVE-2018-20459 CVE-2018-20460 CVE-2018-20461 through rebase to 3.2.0
(Jan 15) Several security issues were fixed in HAProxy.
(Jan 16) An update for openvswitch is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
(Jan 16) An update for redis is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
(Jan 18) Update to 1.912, fixes CVE-2015-7686 and CVE-2018-12558.
(Jan 18) Update to 1.912, fixes CVE-2015-7686 and CVE-2018-12558.
(Jan 17) Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution. For additional information, please refer to the upstream advisories
(Jan 15) Several security issues were fixed in libarchive.
(Jan 17) Irssi could be made to crash or execute arbitrary code if it received a specially crafted input.
(Jan 16) An update for openvswitch is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
(Jan 17) This is the final notification for the retirement of Red Hat Enterprise Linux 6.7 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.7.
(Jan 16) **Horde_Form 2.0.19** * [mjr] SECURITY: Prevent RCE vulnerability due to potential directory traversal in Image uploads (An independent security researcher has reported this vulnerability to SecuriTeam Secure Disclosure program).
(Jan 16) Patch for CVE-2016-10091
(Jan 16) PolicyKit could allow unintended access.
(Jan 16) PolicyKit could allow unintended access.
(Jan 16) An update for python-django is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
(Jan 16) An update for pyOpenSSL is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
Dozens more U.S. government websites have become inaccessible since last week, when Netcraft highlighted the impact of security certificates expiring during the federal shutdown. As of today, more than 130 TLS certificates used by U.S. government websites have expired without being renewed. Some of these sites are now completely inaccessible in modern browsers due to […]
The post Effective server maintenance: Every step you need to take appeared first on Plesk.
(Jan 16) This update fixes CVE-2018-20685 (the first “variant”) and backports several fixes to unbreak ECDSA authentication from PKCS#11, certificate authentication and so on.
(Jan 15) The Qualys Research Labs reported that the backported security fixes shipped in DSA 4367-1 contained a memory leak in systemd-journald. This and an unrelated bug in systemd-coredump are corrected in this update.
(Jan 16) **Horde_Form 2.0.19** * [mjr] SECURITY: Prevent RCE vulnerability due to potential directory traversal in Image uploads (An independent security researcher has reported this vulnerability to SecuriTeam Secure Disclosure program).
(Jan 15) Several security issues were fixed in libcaca.
(Jan 15) Several security issues were fixed in libcaca.
(Jan 15) An update for libvncserver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-05
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6262
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-November-29
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6263
Description
Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-04
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6261
Description
Inadequate escaping in com_contact leads to a stored XSS vulnerability
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.