Read Time:46 Second

FEDORA-2023-e18d3d4004

Packages in this update:

wordpress-6.2.2-1.fc38

Update description:

WordPress 6.2.2 Security Release

Security updates included in this release:

Block themes parsing shortcodes in user-generated data; thanks to Liam Gladdy of WP Engine for reporting this issue.

WordPress 6.2.1 Maintenance & Security Release

Security updates included in this release

Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

This Windows PowerShell Phish Has Scary Potential

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

FBI Shuts Down Chinese Botnet

Western Agencies Warn Risk from Chinese-Controlled Botnet

wordpress-6.2.2-1.fc38

FEDORA-2023-e18d3d4004

Packages in this update:

Update description:

GLSA 202409-07: Rust: Multiple Vulnerabilities

GLSA 202409-06: file: Stack Buffer Overread

GLSA 202409-05: PJSIP: Heap Buffer Overflow

GLSA 202409-04: calibre: Multiple Vulnerabilities

GLSA 202409-03: GPL Ghostscript: Multiple Vulnerabilities

GLSA 202409-02: PostgreSQL: Privilege Escalation