FEDORA-2023-c42a4b2eab
Packages in this update:
wordpress-6.3.2-1.fc38
Update description:
WordPress 6.3.2 – Maintenance and Security release
This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.
Security updates included in this release:
Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
John Blackbourn (WordPress Security Team), James Golovich, J.D Grimes, Numan Turle, WhiteCyberSec for each independently identifying a way for logged-in users to execute any shortcode.
mascara7784 and a third-party security audit for identifying a XSS vulnerability in the application password screen.
Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.
More Stories
ZDI-CAN-25373: Microsoft
A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus - Trend Micro Zero Day Initiative' was reported to...
DSA-5774-1 ruby-saml – security update
It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify...
USN-6968-2: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS....
USN-7015-2: Python vulnerabilities
USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,...
USN-7027-1: Emacs vulnerabilities
It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands....
USN-7024-1: tgt vulnerability
It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1,...