Ike.ninja

– fix cookie injection with none file (CVE-2023-38546) – fix SOCKS5 heap buffer overflow (CVE-2023-38545)

Join WordPress Executive Director, Josepha Haden Chomphosy, as she goes back to the basics and offers some insight into block patterns for WordPress. Don’t miss this exciting insider’s look!

– fix HTTP/2 Rapid Reset (CVE-2023-44487)

– Update to 2.28.5 – CVE-2023-43615 Release notes: https://github.com/Mbed- TLS/mbedtls/releases/tag/mbedtls-2.28.5 Security Advisory: https://mbed- tls.readthedocs.io/en/latest/security-advisories/mbedtls-security- advisory-2023-10-1/

Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs. https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25

The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.

The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-39928

Several security issues were fixed in FFmpeg.

Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.

Kevin Backhouse discovered an out-of-bounds array access in Libcue, a library for parsing CD metadata, which could result in the execution of arbitrary code.

Our teams have been working tirelessly to make cPanel even better this year. We’ve made improvements to the features you already love, making them even smoother and stronger, and released new features that take the software to the next level.  We understand customer expectations around modern-looking, accessible, and conversion-driven websites have never been higher. And to help you meet this demand, we’re making the most of integration to revolutionize website design and …

The post Coming Soon: A Revolutionary Way to Design and Manage Websites with Sitejet Builder for cPanel first appeared on cPanel Blog.

Just a few days ago, Zero Day Initiative (ZDI) publicly disclosed not one, not two, but six Zero-Day vulnerabilities in the widely-used Exim mail server. These vulnerabilities have been lurking in the shadows since their discovery in June 2022, when precautionary steps were taken to release patches for Exim and libspf2. Now, the vulnerabilities are finally unraveled. And spoiler alert, you are totally safe! No Action Required by Default on Your End At cPanel, we …

The post cPanel Vulnerability Report: No Actions Required by Default first appeared on cPanel Blog.

Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool: CVE-2023-38545

USN-6404-1 caused some minor regressions in Firefox.

Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.