Read Time:37 Second

FEDORA-EPEL-2023-b725f0f13a

Packages in this update:

wordpress-6.2.1-1.el9

Update description:

WordPress 6.2.1 Maintenance & Security Release

Security updates included in this release

Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Cryptocurrency Thefts Get Physical

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

Popular LLMs Found to Produce Vulnerable Code by Default

Hackers access sensitive SIM card data at South Korea’s largest telecoms company

New Linux Rootkit

wordpress-6.2.1-1.el9

FEDORA-EPEL-2023-b725f0f13a

Packages in this update:

Update description:

USN-7455-4: Linux kernel (Oracle) vulnerabilities

ZDI-CAN-27036: Apple

Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028)

chromium-135.0.7049.114-1.fc41

chromium-135.0.7049.114-1.el10_1

chromium-135.0.7049.114-1.fc42