A new advanced malware program targeting point-of-sale terminals is putting customer credit card details at risk, following a number of similar attacks already this year.
The post New malware ‘Punkey’ detected in new point-of-sale attack appeared first on We Live Security.
R50f is a required security and bugfix release:
* Add a patch marker for vendor patch versioning to mksh.1
* SECURITY: make unset HISTFILE actually work
* Document some more issues with the current history code
* Remove some unused code
* RCSID-only sync with OpenBSD, for bogus and irrelevant changes
* Also disable field splitting for alias ‘local= ypeset’
* Fix read -n-1 to not be identical to read -N-1
* Several fixes and improvements to lksh(1) and mksh(1) manpages
* More code (int → size_t), comment and testsuite fixes
* Make dot.mkshrc more robust (LP#1441853)
* Fix issues with IFS=” read, found by edualbus
* Fix integer overflows related to file descriptor parsing, found by Pawel Wylecial (LP#1440685); reduce memory usage for I/O redirs
* Document in the manpage how to set ±U according to the current locale settings via LANG/LC_* parameters (cf. Debian #782225)
* Some code cleanup and restructuring
* Handle number parsing and storing more carefully
R50f is a required security and bugfix release:
* Add a patch marker for vendor patch versioning to mksh.1
* SECURITY: make unset HISTFILE actually work
* Document some more issues with the current history code
* Remove some unused code
* RCSID-only sync with OpenBSD, for bogus and irrelevant changes
* Also disable field splitting for alias ‘local= ypeset’
* Fix read -n-1 to not be identical to read -N-1
* Several fixes and improvements to lksh(1) and mksh(1) manpages
* More code (int → size_t), comment and testsuite fixes
* Make dot.mkshrc more robust (LP#1441853)
* Fix issues with IFS=” read, found by edualbus
* Fix integer overflows related to file descriptor parsing, found by Pawel Wylecial (LP#1440685); reduce memory usage for I/O redirs
* Document in the manpage how to set ±U according to the current locale settings via LANG/LC_* parameters (cf. Debian #782225)
* Some code cleanup and restructuring
* Handle number parsing and storing more carefully
This update provides a security fix related to the Nasal scripting language.
WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.
We also fixed three other security issues:
We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins and Marc-Alexandre Montpas.
We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.
Download WordPress 4.1.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2.
Thanks to everyone who contributed to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackburn and Mike Adams.
A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue. Thank you to all of the plugin authors who worked closely with our security team to ensure a coordinated response.
Already testing WordPress 4.2? The third release candidate is now available (zip) and it contains these fixes. For more on 4.2, see the RC 1 announcement post.
This is an update fixing crash when processing ROSE packets.
R50f is a required security and bugfix release:
* Add a patch marker for vendor patch versioning to mksh.1
* SECURITY: make unset HISTFILE actually work
* Document some more issues with the current history code
* Remove some unused code
* RCSID-only sync with OpenBSD, for bogus and irrelevant changes
* Also disable field splitting for alias ‘local= ypeset’
* Fix read -n-1 to not be identical to read -N-1
* Several fixes and improvements to lksh(1) and mksh(1) manpages
* More code (int → size_t), comment and testsuite fixes
* Make dot.mkshrc more robust (LP#1441853)
* Fix issues with IFS=” read, found by edualbus
* Fix integer overflows related to file descriptor parsing, found by Pawel Wylecial (LP#1440685); reduce memory usage for I/O redirs
* Document in the manpage how to set ±U according to the current locale settings via LANG/LC_* parameters (cf. Debian #782225)
* Some code cleanup and restructuring
* Handle number parsing and storing more carefully
Resolved Bugs
1210748 – CVE-2015-0840 dpkg: source package integrity verification bypass
1210749 – CVE-2015-0840 dpkg: source package integrity verification bypass [fedora-all]
1162166 – CVE-2014-8625 dpkg: format string vulnerability
1162168 – CVE-2014-8625 dpkg: format string vulnerability [fedora-all]<br
Security fix for CVE-2014-8625 and Security fix for CVE-2015-0840
This is an update Fixing crash when processing ROSE packets.
This update provides a security fix related to the Nasal scripting language.