Read Time:37 Second

FEDORA-2023-db50dafcaa

Packages in this update:

wordpress-6.2.1-1.fc37

Update description:

WordPress 6.2.1 Maintenance & Security Release

Security updates included in this release

Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

New Ransomware Group Uses AI to Develop Nefarious Tools

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

WEF Warns of Growing Cyber Inequity Amid Escalating Complexities in Cyberspace

Three Russians Charged with Crypto Mixer Money Laundering

Telefonica Breach Hits 20,000 Employees and Exposes Jira Details

Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

wordpress-6.2.1-1.fc37

FEDORA-2023-db50dafcaa

Packages in this update:

Update description:

USN-7200-1: Roundcube vulnerability

USN-6940-2: snapd vulnerabilities

USN-7199-1: xmltok library vulnerabilities

ZDI-25-027: (Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability

stb-0-0.50.20241002git31707d1.el8

DSA-5842-1 openafs – security update