– fix cookie injection with none file (CVE-2023-38546) – fix SOCKS5 heap buffer overflow (CVE-2023-38545)
Comment
Archive for October, 2023
176 results.
fix for CVE-2023-43115 (#2241112)
Join WordPress Executive Director, Josepha Haden Chomphosy, as she goes back to the basics and offers some insight into block patterns for WordPress. Don’t miss this exciting insider’s look!
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
– fix HTTP/2 Rapid Reset (CVE-2023-44487)
Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053
– Update to 2.28.5 – CVE-2023-43615 Release notes: https://github.com/Mbed- TLS/mbedtls/releases/tag/mbedtls-2.28.5 Security Advisory: https://mbed- tls.readthedocs.io/en/latest/security-advisories/mbedtls-security- advisory-2023-10-1/
Move location of plugin from /usr/share/… to /usr/libexec/… because there is a binary executable
Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs. https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
Update to version 4.18.8 – Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670
The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.
This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes. WordPress 6.3.2 is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. Because this is a security release, it is recommended […]
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-39928
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Several security issues were fixed in FFmpeg.
This update backports the fix for a serious security issue that could cause arbitrary code execution, tracked as CVE-2023-43641. See [this write-up by Kevin Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on- gnome-cve-2023-43641/) for details. Thanks to Kevin for discovering the issue and writing the fix.
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
USN-6425-1 introduced a regression in Samba.
Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix, which might result in denial of service, information disclosure or privilege escalation.
Coming Soon: A Revolutionary Way to Design and Manage Websites with Sitejet Builder for cPanel
Oct11
on October 11, 2023
at 5:51 pm
Posted In: Announcements, Apache, CMS, Community, cPanel, Events, Products, Releases, security, Site Builder, SiteJet, Sitejet Builder, System, website design, website management
Our teams have been working tirelessly to make cPanel even better this year. We’ve made improvements to the features you already love, making them even smoother and stronger, and released new features that take the software to the next level. We understand customer expectations around modern-looking, accessible, and conversion-driven websites have never been higher. And to help you meet this demand, we’re making the most of integration to revolutionize website design and …
The post Coming Soon: A Revolutionary Way to Design and Manage Websites with Sitejet Builder for cPanel first appeared on cPanel Blog.
Several security issues were fixed in curl.
Just a few days ago, Zero Day Initiative (ZDI) publicly disclosed not one, not two, but six Zero-Day vulnerabilities in the widely-used Exim mail server. These vulnerabilities have been lurking in the shadows since their discovery in June 2022, when precautionary steps were taken to release patches for Exim and libspf2. Now, the vulnerabilities are finally unraveled. And spoiler alert, you are totally safe! No Action Required by Default on Your End At cPanel, we …
The post cPanel Vulnerability Report: No Actions Required by Default first appeared on cPanel Blog.
Several security issues were fixed in curl.
Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool: CVE-2023-38545
LibTIFF could be made to crash if it opened a specially crafted file.
USN-6404-1 caused some minor regressions in Firefox.
Seccomp jail improvements (CVE-2023-43641)
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-24998