(Mar 26) An update for rh-mysql57-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Archive for February, 2019
(Mar 26) An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Django could be made to consume resources if it received specially crafted network traffic.
Several security issues were fixed in WebKitGTK+.
(Mar 26) An update for python-paramiko is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
(Mar 26) An update for slf4j is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Update to 1.8.4. Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182.
Fixes CVE-2019-386 and CVE-2019-3807
Update to 1.2.3 Fixes security vulnerability related to CVE-2019-5736.
Fixes for CVE-2016-4463 and CVE-2017-12627.
This update includes a rebase from 9.0.10 up to 9.0.13 which resolves one CVE along with various other bugs/features: rhbz#1636513 – CVE-2018-11784 tomcat: Open redirect in default servlet
It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of “apply_extra” scripts which could potentially result in privilege escalation.
As of last week’s update, EasyApache 4 includes a light version of mod_lsapi, a module built and distributed by our friends at CloudLinux. This release is a scaled-back version of the module already distributed by CloudLinux. Anyone already using CloudLinux should use the one distributed by CloudLinux, but for everyone else let’s talk about it! What is mod_lsapi? mod_lsapi is an Apache module based on the LiteSpeed Technologies API that provides significant improvements in speed and …
GVfs could be made to expose sensitive information if it received a specially crafted input.
snapd could be made to run programs as an administrator.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: Object Injection
- Reported Date: 2019-January-18
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7743
Description
The phar:// stream wrapper can be used for object injection attacks. We now disallow usage of the phar:// handler for non-.phar files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-October-07
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7740
Description
Inadequate parameter handling in JS code could lead to an XSS attack vector.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-16
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7741
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-17
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7739
Description
The “No Filtering” text filter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.0.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-September-24
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7742
Description
A combination of specific webserver configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
Affected Installs
Joomla! CMS versions 1.0.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-November-13
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7744
Description
Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.3 Release

Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements.
(Mar 28) An update for openstack-tripleo-common and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
(Mar 28) An update for sensu is now available for Red Hat OpenStack Platform 12.0 Operational Tools for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.
Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical
Several security issues were fixed in poppler.

As of release 3.5, Joomla collects stats data through the stats plugin (which only works if it is enabled), and that data shows that too many websites are not using the currently supported release, 3.9.2. The data covers the Joomla, PHP, and database versions in use. These are some pretty alarming statistics and should not be ignored! We have provided some links at the bottom of this article for your reference and review, and to get the latest release of Joomla.
Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional information.
(Apr 2) Several security issues were fixed in OpenJDK 8.