Read Time:7 Second
FEDORA-2022-61ec901852
Packages in this update:
jhead-3.06.0.1-5.fc36
Update description:
added patches to fix CVE-2022-41751
Category Archives: Advisories
CVE-2021-3305 (feishu)
Read Time:6 Second
Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability.
libksba-1.6.2-1.fc35
Read Time:7 Second
FEDORA-2022-7c13845b0d
Packages in this update:
libksba-1.6.2-1.fc35
Update description:
New upstream release fixing CVE-2022-3515
jhead-3.06.0.1-5.fc37
Read Time:7 Second
FEDORA-2022-628829f0e6
Packages in this update:
jhead-3.06.0.1-5.fc37
Update description:
added patches to fix CVE-2022-41751
wordpress-5.1.15-1.el7
Read Time:32 Second
FEDORA-EPEL-2022-42745d5b54
Packages in this update:
wordpress-5.1.15-1.el7
Update description:
WordPress 5.1.15 Security Release
Security updates included in this release
Media: Refactor search by filename within the admin,
REST API: Lockdown post parameter of the terms endpoint,
Customize: Escape blogname option in underscores templates,
Query: Validate relation in WP_Date_Query,
Posts, Post types: Apply KSES to post-by-email content,
General: Validate host on “Are you sure?” screen,
Posts, Post types: Remove emails from post-by-email logs,
Pings/trackbacks: Apply KSES to all trackbacks,
Mail: Reset PHPMailer properties between use,
Widgets: Escape RSS error messages for display.
wordpress-5.9.5-1.fc35
Read Time:1 Minute, 9 Second
FEDORA-2022-35ce8ecede
Packages in this update:
wordpress-5.9.5-1.fc35
Update description:
WordPress 5.9.5 Security Release
Security updates included in this release
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
wordpress-6.0.3-1.el9
Read Time:1 Minute, 9 Second
FEDORA-EPEL-2022-a2b7e4338d
Packages in this update:
wordpress-6.0.3-1.el9
Update description:
WordPress 6.0.3 Security Release
Security updates included in this release
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
wordpress-6.0.3-1.fc37
Read Time:1 Minute, 9 Second
FEDORA-2022-3c1f843ced
Packages in this update:
wordpress-6.0.3-1.fc37
Update description:
WordPress 6.0.3 Security Release
Security updates included in this release
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
wordpress-6.0.3-1.fc36
Read Time:1 Minute, 9 Second
FEDORA-2022-4e099582c7
Packages in this update:
wordpress-6.0.3-1.fc36
Update description:
WordPress 6.0.3 Security Release
Security updates included in this release
Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit
DSA-5257 linux – security update
Read Time:7 Second
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.