Ike.ninja

Several security issues were fixed in the Linux kernel.

WordPress now powers over 1/3rd of the top 10 million sites on the web according to W3Techs. Our market share has been growing steadily over the last few years, going from 29.9% just one year ago to 33.4% now. We are, of course, quite proud of these numbers! The path here has been very exciting. […]

Backport security fixes: CVE-2019-7310, CVE-2018-20662

cPanel & WHM Version 80 will not support MySQL 5.5, and updates to cPanel & WHM Version 80 will be blocked for any server still running MySQL 5.5. We are also blocking updates for any cPanel & WHM servers that connect to MySQL 5.5 servers running. The MySQL/MariaDB Upgrade interface inside WHM makes upgrading safe and easy.  Why the block? On December 31st, 2018, MySQL version 5.5 entered End of Life status. Any server currently running MySQL …

We’re outlining how the new integration works between Plesk Premium Email, Dovecot, SpamAssassin and its Bayes algorithms. See how our customers benefit.

The post New Kolab Release 2: Plesk Premium Email Anti-spam Integration appeared first on Plesk.

xen: various flaws (#1685577) grant table transfer issues on large hosts [XSA-284] race with pass-through device hotplug [XSA-285] x86: steal_page violates page_struct access discipline [XSA-287] x86: Inconsistent PV IOMMU discipline [XSA-288] missing preemption in x86 PV page table unvalidation [XSA-290] x86/PV: page type reference counting issue with failed IOMMU update

new upstream version, to fix CVE-2018-10936

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.

Ross Geerlings discovered that the XMLTooling library didn’t correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.

WALinuxAgent could be made to expose sensitive information.

• Project: Joomla!
• SubProject: CMS
• Impact: Low
• Severity: Low
• Versions: 3.2.0 through 3.9.3
• Exploit type: XSS
• Reported Date: 2019-March-04
• Fixed Date: 2019-March-12
• CVE Number: CVE-2019-9712

Description

The JSON handler in com_config lacks input validation, leading to XSS vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.9.3

Solution

Upgrade to version 3.9.4

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Low
• Severity: Low
• Versions: 3.0.0 through 3.9.3
• Exploit type: XSS
• Reported Date: 2019-February-25
• Fixed Date: 2019-March-12
• CVE Number: CVE-2019-9714

Description

The media form field lacks escaping, leading to a XSS vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.9.3

Solution

Upgrade to version 3.9.4

Contact

The JSST at the Joomla! Security Centre.

Joomla 3.9.4 is now available. This is a security fix release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains 28 bug fixes and improvements.

An extremely convincing phishing attack that impersonates a multi-game skin trade bot appears to be using a fake Extended Validation TLS certificate to steal Steam accounts. The ongoing phishing attack impersonates TradeIt.gg, which facilitates the trading of skins, weapons and other in-game commodities within popular games like CS:GO, TF2 and DOTA. When a victim attempts […]

WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously […]