– Update to 2.16.6 Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.16.6-and-2.7.15-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security- advisory-2020-04
Archive for June, 2020
– Update to 1.2.12 Release notes: https://www.cacti.net/release_notes.php?version=1.2.12
Firefox could be made to crash or run programs as your login if it opened a malicious website.
An update for freerdp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Several security issues were fixed in FreeRDP.
Several security issues were fixed in Django.
Patch for CVE-2019-20797
– New upstream version (77.0)
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic keys.
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
Several security issues were fixed in Django.
An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Next Level Ops Podcast: Must Haves for Managed WordPress Hosting with Andrey Kugaevskiy
The post Next Level Ops Podcast: Must Haves for Managed WordPress Hosting with Andrey Kugaevskiy appeared first on Plesk.
An update for openshift-enterprise-apb-tools-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for ose-openshift-apiserver-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
This update limits the number of nested MIME parts to 10 (by default), to avoid a possible memory exhaustion issue with lots of tiny MIME parts.
Bug fix and security fix for CVE-2020-12693
Joomla 3.9.19 Release
Joomla 3.9.19 is now available. This is a security release for the 3.x series of Joomla which addresses 5 security vulnerabilities and contains over 40 bug fixes and improvements.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.7.0-3.9.18
- Exploit type: XSS
- Reported Date: 2020-May-08
- Fixed Date: 2020-June-02
- CVE Number: CVE-2020-13760
Description
Missing token checks in com_postinstall cause CSRF vulnerabilities.
Affected Installs
Joomla! CMS versions 3.7.0 – 3.9.18
Solution
Upgrade to version 3.9.19
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Versions: 3.0.0-3.9.18
- Exploit type: XSS
- Reported Date: 2020-April-10
- Fixed Date: 2020-June-02
- CVE Number: CVE-2020-11022 and CVE-2020-11023
Description
The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are “[…] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others.”
The Drupal project has backported the relevant fixes back to jQuery 1.x and Joomla has adopted that patch.
Affected Installs
Joomla! CMS versions 3.0.0 – 3.9.18
Solution
Upgrade to version 3.9.19
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.0.0-3.9.18
- Exploit type: XSS
- Reported Date: 2020-May-06
- Fixed Date: 2020-June-02
- CVE Number: CVE-2020-XXX
Description
Incorrect input validation of the module tag option in com_modules allow XSS attacks.
Affected Installs
Joomla! CMS versions 3.0.0 – 3.9.18
Solution
Upgrade to version 3.9.19
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0-3.9.18
- Exploit type: Insecure Permissions
- Reported Date: 2020-April-23
- Fixed Date: 2020-June-02
- CVE Number: CVE-2020-13763
Description
The default settings of the global “textfilter” configuration doesn’t block HTML inputs for ‘Guest’ users. With 3.9.19, the textfilter for new installations has been set to ‘No HTML’ for the groups ‘Public’, ‘Guest’ and ‘Registered’.
Affected Installs
Joomla! CMS versions 2.5.0 – 3.9.18
Solution
Upgrade to version 3.9.19
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.0.0-3.9.18
- Exploit type: XSS
- Reported Date: 2020-May-06
- Fixed Date: 2020-June-02
- CVE Number: CVE-2020-13761
Description
Lack of input validation in the heading tag option of the “Articles – Newsflash” and “Articles – Categories” modules allow XSS attacks.
Affected Installs
Joomla! CMS versions 3.0.0 – 3.9.18
Solution
Upgrade to version 3.9.19
Contact
The JSST at the Joomla! Security Centre.
An update for jaeger, kiali, and servicemesh-grafana is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
An update for freerdp is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
May was an action-packed month for WordPress! WordPress organizers are increasingly moving WordCamps online, and contributors are taking big steps towards Full Site Editing with Gutenberg. To learn more and get all the latest updates, read on. Gutenberg 8.1 and 8.2 Gutenberg 8.1 was released on May 13, followed quickly by Gutenberg 8.2 on May […]