FEDORA-EPEL-2022-e1430e72de

Packages in this update:

wordpress-5.1.13-1.el7

Update description:

WordPress 5.1.13 Security Release

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Cisco Nexus Dashboard Fabric Controller. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MyBB. Authentication is required to exploit this vulnerability.

Read More

WordPress 5.9.2 is now available!

This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 5.9.2 is a security and maintenance release. The next major release will be version 6.0.

You can download WordPress 5.9.2 from WordPress.org, or visit your Dashboard → Updates and click “Update Now”.

If you have sites that support automatic background updates, they’ve already started the update process.

The security team would like to thank the following people for responsively reporting vulnerabilities, allowing them to be fixed in this release:

Melar Dev, for finding a Prototype Pollution Vulnerability in a jQuery dependencyBen Bidner of the WordPress security team, for finding a Stored Cross Site Scripting VulnerabilityResearchers from Johns Hopkins University, for finding a Prototype Pollution Vulnerability in the block editor

For more information, browse the full list of changes on Trac, or check out the version 5.9.2 HelpHub documentation page.

Thanks and props!

The 5.9.2 release was led by Jb Audras, with the help of Jorge Costa on package updates, Sergey Biryukov on mission control, and David Baumwald on backport commits.

In addition to the release squad members and security researchers mentioned above, thank you to everyone who helped make WordPress 5.9.2 happen:

Alan Jacob Mathew, Alex Concha, André, Anton Vlasenko, David Baumwald, ehtis, Jb Audras, Jorge Costa, Peter Wilson, Sergey Biryukov, Tonya Mork, and ironprogrammer.

Props @davidbaumwald and @sergeybiryukov for peer review.

Read More

Thomas Akesson discovered that Subversion incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.

Read More

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)

A TOCTOU bug was discovered when verifying addon signatures during
install. A local attacker could potentially exploit this to trick a
user into installing an addon with an invalid signature.
(CVE-2022-26387)

Read More