Red Hat Security Advisory 2015-1510-01

Red Hat Security Advisory 2015-1510-01 – Clutter is a library for creating fast, visually rich, graphical user interfaces. Clutter is used for rendering the GNOME desktop environment. A flaw was found in the way clutter processed certain mouse and touch gestures. An attacker could use this flaw to bypass the screen lock. All clutter users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using clutter must be restarted for the update to take effect.

Ubuntu Security Notice USN-2686-1

Ubuntu Security Notice 2686-1 – It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

Fedora EPEL 7 Security Update: wordpress-4.2.3-1.el7

Resolved Bugs
1246396 – CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in
1246399 – CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in [epel-all]
**WordPress 4.2.3 Security and Maintenance Release**
WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:
* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430

Fedora EPEL 5 Security Update: wordpress-4.2.3-1.el5

Resolved Bugs
1246396 – CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in
1246399 – CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in [epel-all]
**WordPress 4.2.3 Security and Maintenance Release**
WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see:
* the release notes: https://codex.wordpress.org/Version_4.2.3
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33382&stop_rev=32430