WordPress 5.0.1 Security Release

Dec13
by Ike on December 13, 2018 at 3:13 am
Posted In: Backups, CMS, PHP, Releases, security, Wordpress

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility.

WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.

  • Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to.
  • Simon Scannell of RIPS Technologies discovered that authors could create posts of unauthorized post types with specially crafted input.
  • Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection.
  • Tim Coen discovered that contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.
  • Tim Coen also discovered that specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations.
  • Team Yoast discovered that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.
  • Tim Coen and Slavco discovered that authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.

Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

Download WordPress 5.0.1, or venture over to Dashboard → Updates and click Update Now. Sites that support automatic background updates are already beginning to update automatically.

In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.0.1:

Alex Shiels, Alex Concha, Anton Timmermans, Andrew Ozz, Aaron Campbell, Andrea Middleton, Ben Bidner, Barry Abrahamson, Chris Christoff, David Newman, Demitrious Kelly, Dion Hulse, Hannah Notess, Gary PendergastHerre Groen, Ian Dunn, Jeremy FeltJoe McGill, John James Jacoby, Jonathan DesrosiersJosepha Haden, Joost de Valk, Mo Jangda, Nick Daugherty, Peter Wilson, Pascal Birchler, Sergey Biryukov, and Valentyn Pylypchuk.

└ Tags: ,

Thanks for a smashing 2018: Year in Review [Video]

Dec12
by Ike on December 12, 2018 at 7:00 am
Posted In: APAC Partner, Become a Partner, Cloudfest 2018, J and Beyond, new plesk extensions, New Plesk Onyx, Partner Program, Plesk, Plesk Business and Collaboration Edition, Plesk Extensions, Plesk news and announcements, Plesk Partner Success Team, plesk partners, Plesk Wordpress Edition, Releases, SolusVM, WCEU, WCUS

What a journey! But we couldn’t have achieved so much without the engagement and support of our customers and partners. You drive us to develop better products, service and solutions. So let us take a moment to thank you for being great, and present Plesk’s top wins of the year.

1. New Plesk Onyx 17.8 Release

We took your feedback and gave Plesk Onyx a huge update in March. Thus, better aligning our complete platform with the way web professionals work. We focused on five main areas: Site performance and speed, SEO tools integration, WordPress Toolkit efficiency and ease, tighter security and Cloud integration.

Find out more about this update here.

2. Major Industry Events

From Cloudfest in Germany to WordCamp Europe in Serbia, to J and Beyond in Germany and WordCamp US in Nashville. These were only a few of the events that allowed us to connect with new and old friends this year. Plus, learn and grow from the communities and the great minds we met. We even organized our own successful APAC Partner event in Singapore to better connect and exchange ideas with our partners.

3. SolusVM Joins the Group

London-based SolusVM from OnApp is a virtual server management system that offers Infrastructure-as-a-Service hosting. And is trusted by thousands of service providers. Plesk vowed to carry on its growth strategy and elevate it from a single server control panel to a future-proof cloud platform. In the same way, SolusVM boosts Plesk’s offering as it now becomes a complete solution, thanks to combined skills and resources.

Read the full story here.

4. New Plesk Editions

If Plesk Web Pro, Web Admin and Web Host Editions didn’t suit your needs exactly, we now also have Plesk WordPress Edition and Plesk Business and Collaboration Edition. Providing even more solutions, to more users. Plesk WordPress Edition offers Managed WordPress Hosters a complete solution to manage, secure and grow their business. While Plesk Business and Collaboration Edition combines all the features of a corporate grade collaboration suite. The ready-to-use solution includes communication, performance and security tools too.

5. More Partner Success

This year, in our efforts to get closer to Partners and provide better solutions, we refocused our Partner Success Team. Thus, better serving our partners, no matter where or how big. Providing more resources and support, better initiatives and offers, dedicated partner events and much more. Want to become a partner too and reap our special benefits? Get more info on our Partner Program page or get in touch.

6. Plesk Extensions of the Year

We’re constantly searching for new ways to deliver better solutions to plug into your Plesk. And so we released loads of extensions this year, both in-house and from partners – many available for free. We’ve made leaps forward in providing add-ons for web development and apps, security and monitoring, backup, Cloud, DNS, and more. Check out our full extension catalog to see what’s new – and what you can benefit from

Now that we’ve had a look back at the good stuff, we can continue flying forward. We hope to carry on exceeding expectations in 2019. So from all the Plesk Team: Thank you – and we’ll see you next year!

The post Thanks for a smashing 2018: Year in Review [Video] appeared first on Plesk.

└ Tags: , , , , , , , , , , , , , , ,
 Comment 

Ubuntu 3843-2: pixman vulnerability

Dec12
by Ike on December 12, 2018 at 5:32 am
Posted In: Other

(Dec 11) pixman could be made to crash or run programs if it processed specially crafted instructions.

 Comment 

Ubuntu 3844-1: Firefox vulnerabilities

Dec12
by Ike on December 12, 2018 at 5:32 am
Posted In: Other

(Dec 11) Firefox could be made to crash or run programs as your login if it opened a malicious website.

 Comment 

RedHat: RHSA-2018-3805:01 Low: Red Hat Enterprise Linux 6.7 Extended Update

Dec12
by Ike on December 12, 2018 at 5:20 am
Posted In: Other

(Dec 10) This is the one-Month notification for the retirement of Red Hat Enterprise Linux 6.7 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.7.

 Comment 

42 queries. 6 mb Memory usage. 0.236 seconds.