Update to latest upstream release, fix CVE-2019-9844 (rhbz#1695304,
Archive for April, 2019
WordPress 5.2 Beta 3
WordPress 5.2 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the latest WordPress 5.2 beta: try the WordPress Beta Tester plugin (you’ll want […]
* Fix for CVE-2018-19840 CVE-2018-19841
* Do not allow changes in active URI before provisional load starts for non-API requests.
* Stop the threaded compositor when the page is not visible or layer tree state is frozen.
* Use WebKit HTTP source element again for adaptive streaming fragments downloading.
* Properly handle empty resources in webkit_web_resource_get_data().
* Add quirk to ensure outlook.live.com uses the
The 5.0.7 update contains a number of important fixes across the tree
This update fixes a security vulnerability: Checkstyle loads external DTDs by default. Upstream issues: https://github.com/checkstyle/checkstyle/issues/6474 https://github.com/checkstyle/checkstyle/issues/6478 References: https://checkstyle.org/releasenotes.html#Release_8.18
rssh could be made to run arbitrary commands if it received specially crafted input.
Several security issues were fixed in Ruby.
An update for ceph and grafana is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for httpd24-httpd and httpd24-mod_auth_mellon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
The post Your Automatic Server Update to Plesk 17.8 appeared first on Plesk.
Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) found multiple vulnerabilities in the WPA implementation found in wpa_supplicant (station) and hostapd (access point). These vulnerabilities are also collectively known as “Dragonblood”.
An update for Istio-Proxy is now available for Red Hat OpenShift Service Mesh Tech Preview 0.9.0. Red Hat Product Security has rated this update as having a security impact of
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Several security issues were fixed in wpa_supplicant and hostapd.
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
Several security issues were fixed in Apache.
It was discovered that SPIP, a website engine for publishing, did not properly sanitize its user input. This would allow an authenticated user to perform arbitrary command execution.
New upstream release 0.14.2 which also fixes CVE-2019-3878 and CVE-2019-3877
update to the bugfix release 3.9.0
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.9.4
- Exploit type: Directory Traversal
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10945
Description
The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: High
- Versions: 3.2.0 through 3.9.4
- Exploit type: ACL Violation
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10946
Description
The “refresh list of helpsites” endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Versions: 3.0.0 through 3.9.4
- Exploit type: XSS
- Reported Date: 2019-March-25
- Fixed Date: 2019-April-09
- CVE Number: TBA
Description
The $.extend method of jQuery is vulnerable to Object.prototype pollution attacks.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.5 Release

Joomla 3.9.5 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 20 bug fixes and improvements.
Last year, we shared “7 Ways We’ve Improved Email Hosting on cPanel & WHM” and we looked at some cool features for email accounts. After much improvement, we felt that Plus Addressing was an interesting enough feature to include as a blog post! So what is plus addressing? Known officially as subaddressing, plus addressing delivers mail in a particular way so that you can better organize incoming mail. Additionally, plus addressing is used as a method to …
An update for katello-installer-base which configures qpid-dispatch-router is now available for Red Hat Satellite 6.2 for RHEL 6 and Red Hat Satellite 6.2 for RHEL 7. Red Hat Product Security has rated this update as having a security impact
An update for katello-installer-base which configures qpid-dispatch-router is now available for Red Hat Satellite 6.3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,