Read Time:6 Second
FEDORA-2023-c1535224de
Packages in this update:
wordpress-6.2.3-1.fc37
Update description:
WordPress 6.2.3 Security Release
Monthly Archives: October 2023
wordpress-5.1.17-1.el7
Read Time:7 Second
FEDORA-EPEL-2023-d2e65a75f1
Packages in this update:
wordpress-5.1.17-1.el7
Update description:
WordPress 5.1.17 Security Release
wordpress-6.3.2-1.fc39
Read Time:1 Minute, 1 Second
FEDORA-2023-1adca3e938
Packages in this update:
wordpress-6.3.2-1.fc39
Update description:
WordPress 6.3.2 – Maintenance and Security release
This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.
Security updates included in this release:
Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
John Blackbourn (WordPress Security Team), James Golovich, J.D Grimes, Numan Turle, WhiteCyberSec for each independently identifying a way for logged-in users to execute any shortcode.
mascara7784 and a third-party security audit for identifying a XSS vulnerability in the application password screen.
Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.
wordpress-6.3.2-1.fc38
Read Time:1 Minute, 1 Second
FEDORA-2023-c42a4b2eab
Packages in this update:
wordpress-6.3.2-1.fc38
Update description:
WordPress 6.3.2 – Maintenance and Security release
This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.
Security updates included in this release:
Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
John Blackbourn (WordPress Security Team), James Golovich, J.D Grimes, Numan Turle, WhiteCyberSec for each independently identifying a way for logged-in users to execute any shortcode.
mascara7784 and a third-party security audit for identifying a XSS vulnerability in the application password screen.
Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.
wordpress-6.3.2-1.el9
Read Time:1 Minute, 1 Second
FEDORA-EPEL-2023-4481e7aebc
Packages in this update:
wordpress-6.3.2-1.el9
Update description:
WordPress 6.3.2 – Maintenance and Security release
This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.
Security updates included in this release:
Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
John Blackbourn (WordPress Security Team), James Golovich, J.D Grimes, Numan Turle, WhiteCyberSec for each independently identifying a way for logged-in users to execute any shortcode.
mascara7784 and a third-party security audit for identifying a XSS vulnerability in the application password screen.
Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.
CVE-2022-48612
Read Time:13 Second
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places.
DSA-5522-3 tomcat9 – regression update
Read Time:14 Second
A regression was discovered in the Http2UpgradeHandler class of Tomcat 9
introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong
value for the overheadcount variable forced HTTP2 connections to close early.
DSA-5528 node-babel7 – security update
Read Time:7 Second
William Khem-Marquez discovered that using malicious plugins for the
the Babel JavaScript compiler could result in arbitrary code execution
during compilation
CVE-2018-25091
Read Time:20 Second
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
matrix-synapse-1.80.0-7.fc37
Read Time:7 Second
FEDORA-2023-954c2ec5bd
Packages in this update:
matrix-synapse-1.80.0-7.fc37
Update description:
Backport fix for CVE-2023-45129