redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability
Monthly Archives: July 2015
Red Hat Security Advisory 2015-1513-01
Red Hat Security Advisory 2015-1513-01 – The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System protocols. BIND includes a DNS server (named), a resolver library, and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet, taking the resolver or authoritative server offline until it is restarted.
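The advisory names the trigger (a request for a TKEY record) but not how to see one on the wire. The following is an added example, not code from BIND or Red Hat: a parser for the DNS header and question section that a capture-processing script can use to flag TKEY queries (RR type 249, RFC 2930) against a name server, so that probing can be spotted in logs while hosts are being patched. The packets it processes are constructed inline; the `build_query` helper and the `scan` function are this example's own, not part of any BIND tooling.

```python
"""Spot DNS queries for TKEY records (RR type 249) on the wire.

Added example for the BIND advisory above; it is not code from BIND or
Red Hat. It parses the header and question section of a DNS message so a
capture-processing script can flag TKEY queries. The packets used below
are constructed here for the demonstration.
"""
import struct

TKEY = 249       # RR type number assigned to TKEY (RFC 2930)
QR_BIT = 0x8000  # set in the flags word of a response, clear in a query


def _read_name(buf, off):
    """Decode a DNS name at offset off, following compression pointers.
    Returns (name, offset just after the name in the original stream)."""
    labels = []
    end = None
    hops = 0
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        length = buf[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0 == 0xC0:          # two-byte compression pointer
            if off + 2 > len(buf):
                raise ValueError("truncated pointer")
            if end is None:
                end = off + 2               # caller resumes after the pointer
            hops += 1
            if hops > 32:
                raise ValueError("pointer loop")
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            continue
        if length > 63 or off + 1 + length > len(buf):
            raise ValueError("bad label")
        labels.append(buf[off + 1:off + 1 + length].decode("ascii", "replace"))
        off += 1 + length
    return ".".join(labels) or ".", (end if end is not None else off)


def parse_questions(msg):
    """Return [(qname, qtype, qclass), ...] for the question section."""
    if len(msg) < 12:
        raise ValueError("short header")
    _, _, qdcount, _, _, _ = struct.unpack("!6H", msg[:12])
    off, questions = 12, []
    for _ in range(qdcount):
        name, off = _read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        questions.append((name, qtype, qclass))
        off += 4
    return questions


def is_tkey_query(msg):
    """True for a query (QR=0) whose question section asks for TKEY."""
    questions = parse_questions(msg)          # validates the header length
    flags = struct.unpack("!H", msg[2:4])[0]
    if flags & QR_BIT:
        return False                          # responses are not of interest
    return any(qtype == TKEY for _, qtype, _ in questions)


def scan(packets):
    """Return (index, qname) for every TKEY query in a list of payloads.
    Malformed packets are skipped rather than allowed to abort the scan."""
    hits = []
    for i, pkt in enumerate(packets):
        try:
            if is_tkey_query(pkt):
                hits.append((i, parse_questions(pkt)[0][0]))
        except ValueError:
            continue
    return hits


def build_query(qname, qtype, txid=0x1234):
    """Build a minimal one-question DNS query (constructed test input)."""
    msg = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)   # RD set, QR clear
    for label in qname.strip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    return msg + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


if __name__ == "__main__":
    samples = [build_query("example.com", 1),      # ordinary A query
               build_query("example.com", TKEY),   # TKEY probe
               b"\x00"]                            # garbage, skipped
    print(scan(samples))   # [(1, 'example.com')]
```

Feed `scan` the UDP payloads pulled from a capture (for example with a pcap reader) and it returns the position and name of each TKEY query; responses are ignored because only the request reaches the vulnerable code path. The parser is deliberately strict, raising on truncated labels and pointer loops, so a hostile packet cannot make the monitor itself misbehave.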
Fedora 22 Security Update: libuser-0.62-1.fc22
Fedora 22 Security Update: bind99-9.9.7-6.P2.fc22
Fedora 22 Security Update: wordpress-4.2.3-1.fc22
Resolved Bugs
1246396 – CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in
1246398 – CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in [fedora-all]
**WordPress 4.2.3 Security and Maintenance Release**
WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:
* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430
Fedora 22 Security Update: openstack-swift-2.2.0-5.fc22
Resolved Bugs
1246358 – CVE-2015-1856 openstack-swift: OpenStack Swift: unauthorized deletion of versioned Swift object [fedora-all]
This update fixes CVE-2015-1856, unauthorized deletion of versioned Swift object.
Fedora 21 Security Update: lighttpd-1.4.36-1.fc21
Resolved Bugs
1224911 – CVE-2015-3200 lighttpd: log injection via malformed base64 string in Authentication header [epel-all]
1224910 – CVE-2015-3200 lighttpd: log injection via malformed base64 string in Authentication header [fedora-all]
1246857 – lighttpd-1.4.36 is available
Latest upstream security release:
http://www.lighttpd.net/2015/7/26/1.4.36/
Fedora 22 Security Update: lighttpd-1.4.36-1.fc22
Resolved Bugs
1224911 – CVE-2015-3200 lighttpd: log injection via malformed base64 string in Authentication header [epel-all]
1224910 – CVE-2015-3200 lighttpd: log injection via malformed base64 string in Authentication header [fedora-all]
1246857 – lighttpd-1.4.36 is available
Latest upstream security release:
http://www.lighttpd.net/2015/7/26/1.4.36/
Fedora 22 Security Update: openssh-6.9p1-4.fc22
Resolved Bugs
1247203 – openssh: scp can send arbitrary control characters / escape sequences to the terminal
1247204 – openssh: scp can send arbitrary control characters / escape sequences to the terminal [fedora-all]
Handle terminal control characters in scp progressmeter (#1247204) — Security fix
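The lighttpd entries above (log injection through a malformed base64 string in the Authorization header) and the OpenSSH entry (scp writing remote-supplied control characters to the terminal) are the same bug class: client-controlled bytes reaching a log file or a terminal unescaped. The following is an added example serving both; it is not lighttpd's or OpenSSH's code and models the class rather than either project's exact logic. The header values, the remote address and the file name are constructed here, and `auth_log_vulnerable`, `auth_log_hardened` and `display_name` are this example's own names.

```python
"""Keep untrusted bytes from forging log lines or driving the terminal.

Added example for the lighttpd log-injection entries and the OpenSSH scp
progress-meter fix above; it is not lighttpd's or OpenSSH's code and models
the bug class rather than either project's exact logic. The Authorization
headers and the file name below are constructed for the demonstration.
"""
import base64
import binascii
import re

# C0 controls, DEL and the C1 range (0x9b is CSI on an 8-bit-clean terminal).
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def escape_control(text):
    """Render control characters as visible \\xNN so that CR/LF cannot start
    a new log record and ESC cannot start a terminal escape sequence."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group(0)), text)


def _decode_credentials(header_value, strict):
    """Decode 'Basic <base64>' to text, or None if it is not usable.
    strict=True rejects characters outside the base64 alphabet instead of
    silently dropping them, which is what the lenient decoder does."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=strict)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", "replace")


def auth_log_vulnerable(remote, header_value):
    """Logs whatever decoded: a newline inside the credentials becomes a
    second, attacker-chosen log record."""
    creds = _decode_credentials(header_value, strict=False)
    if creds is None or ":" not in creds:
        shown = creds if creds is not None else header_value
        return "%s: bad credentials in Authorization header: %s" % (remote, shown)
    return "%s: auth request for user %s" % (remote, creds.split(":", 1)[0])


def auth_log_hardened(remote, header_value):
    """Strict base64 decoding plus escaping of anything client-supplied."""
    creds = _decode_credentials(header_value, strict=True)
    if creds is None or ":" not in creds:
        shown = creds if creds is not None else header_value
        return "%s: bad credentials in Authorization header: %s" % (remote, escape_control(shown))
    return "%s: auth request for user %s" % (remote, escape_control(creds.split(":", 1)[0]))


def display_name(name):
    """Render a remote-supplied file name for a progress meter: the same
    escaping keeps ESC ] ... BEL (title changes) and CSI sequences inert."""
    return escape_control(name)


# Constructed inputs (not captured traffic).
REMOTE = "198.51.100.7"
GOOD_HEADER = "Basic " + base64.b64encode(b"alice:s3cret").decode()
# No ':' in the decoded text, and a newline followed by a fake record.
FORGED_HEADER = "Basic " + base64.b64encode(
    b"alice\n203.0.113.9 auth ok for admin").decode()
MALFORMED_HEADER = "Basic !!!!"
FILENAME = "report.txt\x1b]0;pwned\x07\x1b[2J"

if __name__ == "__main__":
    print(repr(auth_log_vulnerable(REMOTE, FORGED_HEADER)))  # two records
    print(repr(auth_log_hardened(REMOTE, FORGED_HEADER)))    # one record
    print(repr(display_name(FILENAME)))
```

The two defences are independent and both are needed: strict decoding turns garbage into a clean failure instead of a partially decoded string, and escaping before output covers the case where the base64 is valid but the decoded bytes are hostile. Escaping is preferable to stripping because the operator still sees exactly what the client sent.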
Fedora 21 Security Update: wordpress-4.2.3-1.fc21
Resolved Bugs
1246396 – CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in
1246398 – CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in [fedora-all]