Category Archives: Advisories

WP Engine is banned from WordPress.org

Read Time:1 Minute, 19 Second

Any WP Engine customers having trouble with their sites should contact WP Engine support and ask them to fix it.

I won’t bore you with the story of how WP Engine broke thousands of customer sites yesterday in their haphazard attempt to block our attempts to inform the wider WordPress community regarding their disabling and locking down a WordPress core feature in order to extract profit.

What I will tell you, that pending their legal claims and litigation against WordPress.org, WP Engine no longer has free access to WordPress.org’s resources.

WP Engine wants to control your WordPress experience, they need to run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping-o-matic, and showcase. Their servers can no longer access our servers for free.

The reason WordPress sites don’t get hacked as much anymore is we work with hosts to block vulnerabilities at the network layer, WP Engine will need to replicate that security research on their own.

Why should WordPress.org provide these services to WP Engine for free, given their attacks on us?

WP Engine is free to offer their hacked up, bastardized simulacra of WordPress’s GPL code to their customers, and they can experience WordPress as WP Engine envisions it, with them getting all of the profits and providing all of the services.

If you want to experience WordPress, use any other host in the world besides WP Engine. WP Engine is not WordPress.

Read More

USN-7035-1: AppArmor vulnerability

Read Time:12 Second

It was discovered that the AppArmor policy compiler incorrectly generated
looser restrictions than expected for rules allowing mount operations. A
local attacker could possibly use this to bypass AppArmor restrictions in
applications where some mount operations were permitted.

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

chromium-129.0.6668.70-1.el9

Read Time:17 Second

FEDORA-EPEL-2024-89511748af

Packages in this update:

chromium-129.0.6668.70-1.el9

Update description:

Update to 129.0.6668.70

* High CVE-2024-9120: Use after free in Dawn
* High CVE-2024-9121: Inappropriate implementation in V8
* High CVE-2024-9122: Type Confusion in V8
* High CVE-2024-9123: Integer overflow in Skia

Read More

chromium-129.0.6668.70-1.fc39

Read Time:17 Second

FEDORA-2024-e60359f212

Packages in this update:

chromium-129.0.6668.70-1.fc39

Update description:

Update to 129.0.6668.70

* High CVE-2024-9120: Use after free in Dawn
* High CVE-2024-9121: Inappropriate implementation in V8
* High CVE-2024-9122: Type Confusion in V8
* High CVE-2024-9123: Integer overflow in Skia

Read More

chromium-129.0.6668.70-1.el8

Read Time:17 Second

FEDORA-EPEL-2024-5ec6a4bb83

Packages in this update:

chromium-129.0.6668.70-1.el8

Update description:

Update to 129.0.6668.70

* High CVE-2024-9120: Use after free in Dawn
* High CVE-2024-9121: Inappropriate implementation in V8
* High CVE-2024-9122: Type Confusion in V8
* High CVE-2024-9123: Integer overflow in Skia

Read More

chromium-129.0.6668.70-1.fc40

Read Time:17 Second

FEDORA-2024-aaff7345b8

Packages in this update:

chromium-129.0.6668.70-1.fc40

Update description:

Update to 129.0.6668.70

* High CVE-2024-9120: Use after free in Dawn
* High CVE-2024-9121: Inappropriate implementation in V8
* High CVE-2024-9122: Type Confusion in V8
* High CVE-2024-9123: Integer overflow in Skia

Read More