WordPress 3.6 Release Candidate 2

Jul24
by Ike on July 24, 2013 at 7:25 am
Posted In: Backups, CMS, Development, PHP, Releases, security, Testing, Wordpress

The second release candidate for WordPress 3.6 is now available for download and testing.

We’re down to only a few remaining issues, and the final release should be available in a matter of days. In RC2, we’ve tightened up some aspects of revisions, autosave, and the media player, and fixed some bugs that were spotted in RC1. Please test this release candidate as much as you can, so we can deliver a smooth final release!

Think you’ve found a bug? Please post to the Alpha/Beta area in the support forums.

Developers, please continue to test your plugins and themes, so that if there is a compatibility issue, we can figure it out before the final release. You can find our list of known issues here.

To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

Revisions so smooth
We autosave your changes
Data loss begone!

└ Tags: , , ,

Ubuntu: 1908-1: OpenJDK 6 vulnerabilities

Jul23
by Ike on July 23, 2013 at 8:55 pm
Posted In: Other

(Jul 23) Several security issues were fixed in OpenJDK 6.

 Comment 

Red Hat: 2013:1100-01: qemu-kvm: Important Advisory

Jul23
by Ike on July 23, 2013 at 8:24 pm
Posted In: Other

(Jul 22) Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]

└ Tags: , , ,
 Comment 

Red Hat: 2013:1101-01: virtio-win: Important Advisory

Jul23
by Ike on July 23, 2013 at 8:24 pm
Posted In: Other

(Jul 22) An updated virtio-win package that fixes one security issue is now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having [More…]

└ Tags: , , ,
 Comment 

Security Advisory 2013-07-22

Jul23
by Ike on July 23, 2013 at 10:55 am
Posted In: Community, cPanel, Hosting, mod_security, News, security

SUMMARY
Mod_Security was found to have a Remote Null Pointer Dereference vulnerability that could cause it to crash.

SECURITY RATING
The cPanel Security Team has rated this update has having moderate security impact.
Information on security ratings is available at: http://go.cpanel.net/securitylevels.

DETAIL
CVE-2013-2765 states: “When forceRequestBodyVariable action is triggered and a unknown Content-Type is used, mod_security
will crash trying to manipulate msr->msc_reqbody_chunks->elts however msr->msc_reqbody_chunks is NULL.”

AFFECTED VERSIONS
All versions of mod_security before 2.7.4.

SOLUTION
cPanel, Inc has released EasyApache 3.20.4 which includes mod_security version 2.7.4 to correct this issue. To update, rebuild your EasyApache profile. For more information on rebuilding profiles, please consult our documentation (http://go.cpanel.net/ea)

RELEASES
EasyApache v3.20.4 addresses the mod_security vulnerability.
Unless EasyApache updates are disabled on your system, the latest version of EasyApache will be used whenever EasyApache is run. Note that EasyApache updates must be done manually.

REFERENCES
CVE-2013-2765 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765)
Red Hat Security Response Team (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2765)
Mod_Security ChangeLog (https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES)

For the PGP signed message, please go here.

└ Tags: , , , ,
 Comment 

50 queries. 8.75 mb Memory usage. 0.258 seconds.