Flatpak could be made to read and write files in locations it would not normally have access to.
Archive for September, 2024
Simone Margaritelli reported that cups, the Common UNIX Printing System, does not properly sanitize IPP attributes when creating PPD files, which may result in the execution of arbitrary code.
Simone Margaritelli reported several vulnerabilities in cups-filters. Missing validation of IPP attributes returned from an IPP server and multiple bugs in the cups-browsed component can result in the execution of arbitrary commands without authentication when a print job is
Update to new upstream version (closes rhbz#2237124)
Fix for remote vulnerabilities against OpenPrinting cups-filters
Fix for remote vulnerabilities against OpenPrinting cups-filters
Fix for remote vulnerabilities against OpenPrinting cups-filters
Fix for remote vulnerabilities against OpenPrinting cups-filters
Fix for remote vulnerabilities against OpenPrinting cups-filters
It was discovered that the Booth cluster ticket manager failed to correctly validate some authentication hashes. For the stable distribution (bookworm), this problem has been fixed in
Albert Cervera discovered two missing authorisation checks in the Tryton application platform. For the stable distribution (bookworm), this problem has been fixed in
libppd could be made to run programs if it received specially crafted network traffic.
libcupsfilters could be made to run programs if it received specially crafted network traffic.
cups-filters could be made to run programs if it received specially crafted network traffic.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Pending their legal claims and litigation against WordPress.org, WP Engine no longer has free access to WordPress.org’s resources.
It has to be said and repeated: WP Engine is not WordPress. My own mother was confused and thought WP Engine was an official thing. Their branding, marketing, advertising, and entire promise to customers is that they’re giving you WordPress, but they’re not. And they’re profiting off of the confusion. WP Engine needs a trademark […]
PDX + WCUS 2024: A Recap
WordCamp US (WCUS), North America’s largest WordPress event, hosted over 1,500 attendees from around the world at the Oregon Convention Center in Portland, from September 17 to 20.
It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Yufan You discovered that LibreOffice’s handling of documents based on ZIP archives was susceptible to spoofing attacks when the repair mode attempts to address a malformed archive structure.
Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could be bypassed. For the stable distribution (bookworm), this problem has been fixed in
Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.
Join us this week as Josepha takes a personal journey down memory lane to her first encounters with WordPress. In this episode, she shares the story of her very first WordPress website, the excitement of getting involved with WordCamps, and how those early discoveries shaped her rewarding path in the WordPress community. Whether you’re a seasoned user or new to the platform, Josepha’s reflections will inspire you with insights from her earliest days in WordPress.
Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.
The reimagined Learn WordPress experience launched just over a month ago. It introduces Learning Pathways, a new approach to educational content from the Training team. In case you haven’t explored the updated Learn WordPress site yet, take a peek at what you’ve been missing in this short and sweet virtual tour: The reception of the […]
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
WordPress 6.6.2 is now available! This minor release includes 15 bug fixes in Core and 11 in the Block Editor, addressing issues like unexpected CSS specificity changes in certain themes. For a full summary of the maintenance updates, you can refer to the Release Candidate announcement. WordPress 6.6.2 is a short-cycle release. The next major […]
urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.