Monthly Archives: May 2023
dropbear-2020.80-7.el9
FEDORA-EPEL-2023-734a94ae05
Packages in this update:
dropbear-2020.80-7.el9
Update description:
This update is a backport of the upstream fix for CVE-2021-36369.
dropbear-2019.78-5.el8
FEDORA-EPEL-2023-78e9d2e031
Packages in this update:
dropbear-2019.78-5.el8
Update description:
This update is a backport of the upstream fix for CVE-2021-36369.
dropbear-2017.75-3.el7
FEDORA-EPEL-2023-00ddf3658a
Packages in this update:
dropbear-2017.75-3.el7
Update description:
This update is a backport of the upstream fix for CVE-2021-36369.
wordpress-5.1.16-1.el7
FEDORA-EPEL-2023-cd6dc8dccf
Packages in this update:
wordpress-5.1.16-1.el7
Update description:
WordPress 5.1.16 Security Release
Includes security fixes from 6.2.1
wordpress-6.2.1-1.fc37
FEDORA-2023-db50dafcaa
Packages in this update:
wordpress-6.2.1-1.fc37
Update description:
WordPress 6.2.1 Maintenance & Security Release
Security updates included in this release:
Block themes parsing shortcodes in user-generated data; thanks to Liam Gladdy of WP Engine for reporting this issue.
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team.
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third-party security audit.
Bypassing of KSES sanitization in block attributes for low-privileged users; discovered during a third-party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third-party security audit.
wordpress-6.2.1-1.el9
FEDORA-EPEL-2023-b725f0f13a
Packages in this update:
wordpress-6.2.1-1.el9
Update description:
WordPress 6.2.1 Maintenance & Security Release
Security updates included in this release:
Block themes parsing shortcodes in user-generated data; thanks to Liam Gladdy of WP Engine for reporting this issue.
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team.
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third-party security audit.
Bypassing of KSES sanitization in block attributes for low-privileged users; discovered during a third-party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third-party security audit.
wordpress-6.2.1-1.fc38
FEDORA-2023-2c2171e034
Packages in this update:
wordpress-6.2.1-1.fc38
Update description:
WordPress 6.2.1 Maintenance & Security Release
Security updates included in this release:
Block themes parsing shortcodes in user-generated data; thanks to Liam Gladdy of WP Engine for reporting this issue.
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team.
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third-party security audit.
Bypassing of KSES sanitization in block attributes for low-privileged users; discovered during a third-party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third-party security audit.
ZDI-23-691: Canonical ksmbd-tools SRVSVC Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Canonical ksmbd-tools. Authentication is not required to exploit this vulnerability.
ZDI-23-692: Linux Kernel IPv6 Segment Routing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.