Security updates

DSA-4252 znc

Debian Security - Wed, 18/07/2018 - 00:00
security update

DSA-4251 vlc

Debian Security - Wed, 18/07/2018 - 00:00
security update

DSA-4250 wordpress

Debian Security - Wed, 18/07/2018 - 00:00
security update

DSA-4249 ffmpeg

Debian Security - Tue, 17/07/2018 - 00:00
security update

DSA-4248 blender

Debian Security - Tue, 17/07/2018 - 00:00
security update

DSA-4247 ruby-rack-protection

Debian Security - Mon, 16/07/2018 - 00:00
security update

DSA-4246 mailman

Debian Security - Sun, 15/07/2018 - 00:00
security update

DSA-4245 imagemagick

Debian Security - Sat, 14/07/2018 - 00:00
security update

DSA-4244 thunderbird

Debian Security - Fri, 13/07/2018 - 00:00
security update

DSA-4243 cups

Debian Security - Wed, 11/07/2018 - 00:00
security update

DSA-4242 ruby-sprockets

Debian Security - Mon, 09/07/2018 - 00:00
security update

WordPress 4.9.7 Security and Maintenance Release

WordPress News » Security - Thu, 05/07/2018 - 19:00

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

  • Taxonomy: Improve cache handling for term queries.
  • Posts, Post Types: Clear post password cookie when logging out.
  • Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
  • Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
  • Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Download WordPress 4.9.7 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

The previously scheduled 4.9.7 is now referred to as 4.9.8, and will follow the release schedule posted yesterday.

Thank you to everyone who contributed to WordPress 4.9.7:

1naveengiri, Aaron Jorbin, abdullahramzan, alejandroxlopez, Andrew Ozz, Arun, Birgir Erlendsson (birgire), BjornW, Boone Gorges, Brandon Kraft, Chetan Prajapati, David Herrera, Felix Arntz, Gareth, Ian Dunn, ibelanger, John Blackbourn, Jonathan Desrosiers, Joy, khaihong, lbenicio, Leander Iversen, mermel, metalandcoffee, Migrated to @jeffpaul, palmiak, Sergey Biryukov, skoldin, Subrata Sarkar, Towhidul Islam, warmlaundry, and YuriV.

DSA-4241 libsoup2.4

Debian Security - Thu, 05/07/2018 - 00:00
security update

DSA-4240 php7.0

Debian Security - Thu, 05/07/2018 - 00:00
security update

DSA-4239 gosa

Debian Security - Tue, 03/07/2018 - 00:00
security update

DSA-4238 exiv2

Debian Security - Tue, 03/07/2018 - 00:00
security update

DSA-4237 chromium-browser

Debian Security - Sat, 30/06/2018 - 00:00
security update

DSA-4236 xen

Debian Security - Wed, 27/06/2018 - 00:00
security update

DSA-4235 firefox-esr

Debian Security - Wed, 27/06/2018 - 00:00
security update

[20180602] - Core - XSS vulnerability in language switcher module

Joomla Security Centre - Tue, 26/06/2018 - 15:30
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 1.6.0 through 3.8.8
  • Exploit type: XSS
  • Reported Date: 2018-May-07
  • Fixed Date: 2018-June-26
  • CVE Number: CVE-2018-12711

Description

In some cases the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.8.8

Solution

Upgrade to version 3.8.9

Contact

The JSST at the Joomla! Security Centre.

Reported By: Borja Lorenzo, Innotecsystem