| |
(Aug 13) |
| |
Security Report Summary
|
| |
(Aug 12) |
| |
Security Report Summary
|
| |
(Aug 12) |
| |
Security Report Summary
|
| |
(Aug 11) |
| |
Security Report Summary
|
| |
(Aug 10) |
| |
Security Report Summary
|
| |
(Aug 8) |
| |
Security Report Summary
|
| |
(Aug 7) |
| |
Security Report Summary
|
| |
(Aug 7) |
| |
Security Report Summary
|
|
|
|
| |
(Aug 13) |
| |
updated to 3.3.17
|
| |
(Aug 13) |
| |
This release fixes buffer overflows when compiling certain expressions.
|
| |
(Aug 13) |
| |
**WordPress 4.2.4 Security and Maintenance Release**WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.Our thanks to those who have practiced responsible disclosure of security issues.WordPress 4.2.4 also fixes four bugs. For more information, see: the release notes or consult the list of changes.* the release notes: https://wordpress.org/documentation/wordpress-version/version-4-2-4/* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396 **WordPress 4.2.3 Security and Maintenance Release**WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.Our thanks to those who have practiced responsible disclosure of security issues.WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:* the release notes: https://wordpress.org/documentation/wordpress-version/version-4-2-3/* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430
|
| |
(Aug 13) |
| |
* Fix unsafe signal handlers to avoid DoS attack [CVE-2015-0847].
|
| |
(Aug 13) |
| |
* Fix unsafe signal handlers to avoid DoS attack [CVE-2015-0847].
|
| |
(Aug 13) |
| |
**WordPress 4.2.4 Security and Maintenance Release**WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.Our thanks to those who have practiced responsible disclosure of security issues.WordPress 4.2.4 also fixes four bugs. For more information, see: the release notes or consult the list of changes.* the release notes: https://wordpress.org/documentation/wordpress-version/version-4-2-4/* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396 **WordPress 4.2.3 Security and Maintenance Release**WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.Our thanks to those who have practiced responsible disclosure of security issues.WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:* the release notes: https://wordpress.org/documentation/wordpress-version/version-4-2-3/* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430
|
| |
(Aug 12) |
| |
Update to latest upstream stable release, Linux v4.1.4. Fixes across the tree.
|
| |
(Aug 12) |
| |
Update to version 2.15.8, see for details. Fixes CVE-2015-5705.Update to version 2.15.7, see for details.This update fixes licensecheck refusing to parse some text files such as C++ source files.Update to version 2.15.6, see for details.Update to version 2.15.6, see for details.This update fixes licensecheck refusing to parse some text files such as C++ source files.Update to version 2.15.6, see for details.Update to version 2.15.6, see for details.Update to version 2.15.7, see for details.This update fixes licensecheck refusing to parse some text files such as C++ source files.Update to version 2.15.6, see for details.Update to version 2.15.6, see for details.This update fixes licensecheck refusing to parse some text files such as C++ source files.Update to version 2.15.6, see for details.Update to version 2.15.6, see for details.
|
| |
(Aug 12) |
| |
Update to version 2.15.8, see for details. Fixes CVE-2015-5705.Update to version 2.15.7, see for details.This update fixes licensecheck refusing to parse some text files such as C++ source files.Update to version 2.15.6, see for details.Update to version 2.15.6, see for details.This update fixes licensecheck refusing to parse some text files such as C++ source files.Update to version 2.15.6, see for details.Update to version 2.15.6, see for details.Update to version 2.15.7, see for details.This update fixes licensecheck refusing to parse some text files such as C++ source files.Update to version 2.15.6, see for details.Update to version 2.15.6, see for details.This update fixes licensecheck refusing to parse some text files such as C++ source files.Update to version 2.15.6, see for details.Update to version 2.15.6, see for details.
|
| |
(Aug 12) |
| |
Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image.The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage:By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated.While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access.
|
| |
(Aug 12) |
| |
QEMU heap overflow flaw while processing certain ATAPI commands.[XSA-138, CVE-2015-5154] (#1247142)rebuild efi grub.cfg if it is present (#1239309),add gcc5 build fixes, one needed for the following patch,modify gnutls use in line with Fedora's crypto policies (#117935)
|
| |
(Aug 12) |
| |
* denial of service in glob_()
|
| |
(Aug 12) |
| |
Update to latest upstream stable release, Linux v4.1.4. Fixes across the tree.
|
| |
(Aug 12) |
| |
QEMU heap overflow flaw while processing certain ATAPI commands.[XSA-138, CVE-2015-5154] (#1247142)try again to fix xen-qemu-dom0-disk-backend.service (#1242246)correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246),rebuild efi grub.cfg if it is present (#1239309),re-enable remus by building with libnl3,modify gnutls use in line with Fedora's crypto policies (#1179352)
|
| |
(Aug 10) |
| |
Security fix for CVE-2015-1331, CVE-2015-1334.
|
| |
(Aug 10) |
| |
Security fix for CVE-2015-1331, CVE-2015-1334.
|
| |
(Aug 10) |
| |
updated to securty update of 1.6.1 - https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released updated to 1.6.0
|
| |
(Aug 10) |
| |
Update to RubyGems 2.4.8.
|
| |
(Aug 10) |
| |
Security fix for CVE-2015-1331, CVE-2015-1334.
|
| |
(Aug 10) |
| |
Update to RubyGems 2.4.8.
|
| |
(Aug 10) |
| |
**WordPress 4.2.4 Security and Maintenance Release**WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.Our thanks to those who have practiced responsible disclosure of security issues.WordPress 4.2.4 also fixes four bugs. For more information, see: the release notes or consult the list of changes.* the release notes: https://wordpress.org/documentation/wordpress-version/version-4-2-4/* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396
|
| |
(Aug 10) |
| |
Firefox security release. See:https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
|
| |
(Aug 10) |
| |
QEMU heap overflow flaw while processing certain ATAPI commands.[XSA-138, CVE-2015-5154] (#1247142)try again to fix xen-qemu-dom0-disk-backend.service (#1242246)
|
| |
(Aug 10) |
| |
Update to 5.6.26
|
| |
(Aug 10) |
| |
Update to 5.6.26
|
| |
(Aug 10) |
| |
Update to 5.6.26
|
| |
(Aug 7) |
| |
Firefox security release. See:https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
|
| |
(Aug 7) |
| |
Firefox security release. See:https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
|
| |
(Aug 7) |
| |
https://https://www.drupal.org/project/cck
|
| |
(Aug 7) |
| |
Latest upstream security release:http://www.lighttpd.net/2015/7/26/1.4.36/
|
| |
(Aug 7) |
| |
https://https://www.drupal.org/project/cck
|
| |
(Aug 7) |
| |
Security fix for CVE-2015-5059
|
| |
(Aug 7) |
| |
Latest upstream security release:http://www.lighttpd.net/2015/7/26/1.4.36/
|
| |
(Aug 7) |
| |
Security fix for CVE-2015-5059
|
| |
(Aug 7) |
| |
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
|
| |
(Aug 7) |
| |
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
|
| |
(Aug 7) |
| |
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
|
| |
(Aug 7) |
| |
* OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification
|
| |
(Aug 7) |
| |
This update fixes CVE-2015-1856, unauthorized deletion of versioned Swift object.
|
|
|
|
| |
Red Hat: 2015:1623-01: kernel: Important Advisory (Aug 13) |
| |
Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1603-01: flash-plugin: Critical Advisory (Aug 12) |
| |
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
|
| |
Red Hat: 2015:1583-01: kernel: Moderate Advisory (Aug 11) |
| |
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security [More...]
|
| |
Red Hat: 2015:1581-01: firefox: Important Advisory (Aug 7) |
| |
Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
|
| |
Red Hat: 2015:1565-01: kernel-rt: Moderate Advisory (Aug 6) |
| |
Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]
|
| |
Red Hat: 2015:1564-01: kernel-rt: Moderate Advisory (Aug 6) |
| |
Updated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. [More...]
|
| |
Red Hat: 2015:1534-01: kernel: Moderate Advisory (Aug 6) |
| |
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
|
|
|
|
| |
(Aug 7) |
| |
New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
|
| |
(Aug 7) |
| |
New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
|
|
|
|
| |
Ubuntu: 2702-2: Ubufox update (Aug 11) |
| |
This update provides compatible packages for Firefox 40.
|
| |
Ubuntu: 2702-1: Firefox vulnerabilities (Aug 11) |
| |
Firefox could be made to crash or run programs as your login if itopened a malicious website.
|
| |
Ubuntu: 2707-1: Firefox vulnerability (Aug 7) |
| |
Firefox could be made to expose sensitive information from local files.
|
| |
Ubuntu: 2705-1: Keystone vulnerabilities (Aug 6) |
| |
Keystone could be made to expose sensitive information over thenetwork.
|
| |
Ubuntu: 2703-1: Cinder vulnerability (Aug 6) |
| |
Cinder could be made to access unintended files over the network by anauthenticated user.
|
| |
Ubuntu: 2704-1: Swift vulnerabilities (Aug 6) |
| |
Several security issues were fixed in Swift.
|
