Ike.ninja

WordPress 5.2 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the latest WordPress 5.2 beta: try the WordPress Beta Tester plugin (you’ll want […]

* Do not allow changes in active URI before provisional load starts for non-API requests. * Stop the threaded compositor when the page is not visible or layer tree state is frozen. * Use WebKit HTTP source element again for adaptive streaming fragments downloading. * Properly handle empty resources in webkit_web_resource_get_data(). * Add quirk to ensure outlook.live.com uses the

The 5.0.7 update contains a number of important fixes across the tree

rssh could be made to run arbitrary commands if it received specially crafted input.

Several security issues were fixed in Ruby.

An update for httpd24-httpd and httpd24-mod_auth_mellon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found multiple vulnerabilities in the WPA implementation found in wpa_supplication (station) and hostapd (access point). These vulnerability are also collectively known as “Dragonblood”.

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

It was discovered that SPIP, a website engine for publishing, did not properly sanitize its user input. This would allow an authenticated user to perform arbitrary command execution.

update to the bugfix release 3.9.0

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 1.5.0 through 3.9.4
• Exploit type: Directory Traversal
• Reported Date: 2019-March-13
• Fixed Date: 2019-April-08
• CVE Number: CVE-2019-10945

Description

The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.9.4

Solution

Upgrade to version 3.9.5

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Low
• Severity: Moderate
• Versions: 3.0.0 through 3.9.4
• Exploit type: XSS
• Reported Date: 2019-March-25
• Fixed Date: 2019-April-09
• CVE Number: TBA

Description

The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.9.4

Solution

Upgrade to version 3.9.5

Contact

The JSST at the Joomla! Security Centre.

Last year, we shared “7 Ways We’ve Improved Email Hosting on cPanel & WHM” and we looked at some cool features for email accounts. After much improvement, we felt that Plus Addressing was an interesting enough feature to include as a blog post!  So what is plus addressing? Known officially as subaddressing, plus addressing delivers mail in a particular way so that you can better organize incoming mail. Additionally, plus addressing is used as a method to …

An update for katello-installer-base which configures qpid-dispatch-router is now available for Red Hat Satellite 6.3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,