Red Hat: 2014:0266-01: sudo: Moderate Advisory
(Mar 10) An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate [More…]
I’m excited to announce that the first beta of WordPress 3.9 is now available for testing.
WordPress 3.9 is due out next month — but in order to hit that goal, we need your help testing all of the goodies we’ve added:
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed so far.
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 3.9, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
DEVELOPERS! Hello! There’s lots for you, too.
Please test your plugins and themes! There’s a lot of great stuff under the hood in 3.9 and we hope to blog a bit about them in the coming days. If you haven’t been reading the awesome weekly summaries on the main core development blog, that’s a great place to start. (You should definitely follow that blog.) For now, here are some things to watch out for when testing:
mysql_* functions directly.
Happy testing!
Lots of improvements
Little things go a long way
Please test beta one
SUMMARY
cPanel, Inc. has released EasyApache 3.24.12 with PHP versions 5.5.10 and 5.4.26. This release addresses PHP vulnerabilities CVE-2014-1943, CVE-2014-2270, and CVE-2013-7327 by fixing bugs in the Fileinfo and GD modules. We encourage all PHP users to upgrade to PHP versions 5.5.10 and 5.4.26.
AFFECTED VERSIONS
All versions of PHP 5.4 before 5.4.26.
All versions of PHP 5.5 before 5.5.10.
SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:
CVE-2014-1943 – MEDIUM
PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-1943.
PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-1943.
CVE-2014-2270 – MEDIUM
PHP 5.4.26
Fixed bug in the Fileinfo module related to CVE-2014-2270.
PHP 5.5.10
Fixed bug in the Fileinfo module related to CVE-2014-2270.
CVE-2013-7327 – MEDIUM
PHP 5.5.10
Fixed bug in the GD module related to CVE-2013-7327.
SOLUTION
cPanel, Inc. has released EasyApache 3.24.12 with updated versions of PHP 5.4 and 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache will include the latest versions of PHP automatically. Run EasyApache to rebuild your profile with the latest version of PHP.
REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7327
http://www.php.net/ChangeLog-5.php#5.5.10
http://www.php.net/ChangeLog-5.php#5.4.26
For the PGP-signed message, see EA3-CVE-3-24-12-signed.
(Mar 8) Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, [More…]
(Mar 7) Several security issues were fixed in the kernel.