This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
WordPress 6.0.2 is now available!
This security and maintenance release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 6.0.2 is a short-cycle release. You can review a summary of the main updates in this release by reading the RC1 announcement.
The next major release will be version 6.1 planned for November 1, 2022.
If you have sites that support automatic background updates, the update process will begin automatically.
You can download WordPress 6.0.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”.
For more information on this release, please visit the HelpHub site.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
Fariskhi Vidyan for finding a possible SQL injection within the Link API.
Khalilov Moe for finding an XSS vulnerability on the Plugins screen.
John Blackbourn of the WordPress security team, for finding an output escaping issue within the_meta().
The WordPress 6.0.2 release was led by @sergeybiryukov and @gziolo.
WordPress 6.0.2 would not have been possible without the contributions of more than 50 people. Their asynchronous coordination to deliver several enhancements and fixes into a stable release is a testament to the power and capability of the WordPress community.
Alex Concha, Andrei Draganescu, annezazu, Anton Vlasenko, Ari Stathopoulos, Ben Dwyer, Carolina Nymark, Colin Stewart, Darren Coutts, Dilip Bheda, Dion Hulse, eMKey, Fabian Kägy, George Mamadashvili, Greg Ziółkowski, huubl, ironprogrammer, Jb Audras, John Blackbourn, Jonathan Desrosiers, jonmackintosh, Jonny Harris, Kelly Choyce-Dwan, Lena Morita, Linkon Miyan, Lovro Hrust, marybaum, Nick Diego, Nik Tsekouras, Olga Gleckler, Pascal Birchler, paulkevan, Peter Wilson, Sergey Biryukov, Stephen Bernhardt, Teddy Patriarca, Timothy Jacobs, tommusrhodus, Tomoki Shimomura, Tonya Mork, webcommsat AbhaNonStopNewsUK, and zieladam.
autotrace-0.31.9-1.fc36
AutoTrace ver. 0.31.9
autotrace-0.31.9-1.fc37
AutoTrace ver. 0.31.9
IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089
exim-4.96-2.fc35
This is update of exim to fix CVE-2022-37451.
