Original release date: January 06, 2016
WordPress 4.4 and prior versions contain a cross-site scripting vulnerability. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website.
Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.4.1.
This product is provided subject to this Notification and this Privacy & Use policy.
CentOS Errata and Bugfix Advisory 2016:0002 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0002.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 7e2ab2cf82fbb91e2705746f579463cb8a8f9259f3dbbd7f1e0d08101f9cbc0e kernel-3.10.0-327.4.4.el7.x86_64.rpm aa9e1d6cee8747fb74ef6f2cca069e919c9909580eb846a4d05de2574db96623 kernel-abi-whitelists-3.10.0-327.4.4.el7.noarch.rpm f0db6c0c7b44f740c396ab9a56ce9f7c770a3d6e8bb5d432665ac0d915e0080b kernel-debug-3.10.0-327.4.4.el7.x86_64.rpm 52590c85660d52201abbbd6986169ddc0269caf36ad6e7b38e265d95ccfa6053 kernel-debug-devel-3.10.0-327.4.4.el7.x86_64.rpm 69a392d2c99eafdd40c80c9ef6bf43c7b540e4e3c9d8805dd82b69a046959cbf kernel-devel-3.10.0-327.4.4.el7.x86_64.rpm a28949026b9170097a3ec2c63cf968e0e09d3ee3f3664ad2521310507e4d956d kernel-doc-3.10.0-327.4.4.el7.noarch.rpm fd366b13d996bd55c13539d1fad1433c44c24173a801b31c16ee97251efeb0f8 kernel-headers-3.10.0-327.4.4.el7.x86_64.rpm a53fe9abb68b9840cfc7a66439af4a46e889704bb176f0e5d9a5a107598c2b34 kernel-tools-3.10.0-327.4.4.el7.x86_64.rpm 30d9584a2ef11b6a5e4578d3529aafdd821fd65e1cce5c3f24c5ebd495a0caed kernel-tools-libs-3.10.0-327.4.4.el7.x86_64.rpm 8a7f58816bb36560487d67127d6e3734d9a60294f558c5d3f10bd77f090a2ec1 kernel-tools-libs-devel-3.10.0-327.4.4.el7.x86_64.rpm 14bf52cd1043859b46615748e526a0d27f72bc5f8b8b669e2e1f1c78174701fe perf-3.10.0-327.4.4.el7.x86_64.rpm 071cae64988a996a01abddc2190f5f2a104d4196e998c119fe41f6f00c482105 python-perf-3.10.0-327.4.4.el7.x86_64.rpm Source: 7f2e7d516c0f15646a94a4e8437d3872bb512a907d8362fc9aab34bfa935ee3e kernel-3.10.0-327.4.4.el7.src.rpm
CentOS Errata and Security Advisory 2016:0001 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0001.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: a69df80102880cd0aaf81eb51142278c07afbf3179844965ad51f6a95daf15a1 thunderbird-38.5.0-1.el7.centos.x86_64.rpm Source: 835edf9cb46fe7bea598502607a94d0237aaa8401631191d508a428106109f9e thunderbird-38.5.0-1.el7.centos.src.rpm
CentOS Errata and Bugfix Advisory 2016:0003 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0003.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 06646ae1714979c117928d35562b3a35e96ca5072061787099fb76ac82be2780 grub2-2.02-0.34.el7.centos.x86_64.rpm fc1a4217ca08f410c3313384e47884993146e461eea2a2cb5a544bbef2334d9d grub2-efi-2.02-0.34.el7.centos.x86_64.rpm 3909345fd3709f3f5651e1b682562f050dfe546ecaf0362c1615738467fe6d6d grub2-efi-modules-2.02-0.34.el7.centos.x86_64.rpm b9d0e2025da4f1e226fb2731ec8bb9657ef13e1ea50037fbf2dba48a177a378f grub2-tools-2.02-0.34.el7.centos.x86_64.rpm Source: 622fe616ae383de191984d6aad0d336b3d574c14b4e14d8b7a571f22fc0953f4 grub2-2.02-0.34.el7.centos.src.rpm
CentOS Errata and Security Advisory 2016:0001 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0001.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 715e0fac40c522525dd0e39ff60bda9e71a05c51ea7b7d1000725e41ab77c5a6 thunderbird-38.5.0-1.el5.centos.i386.rpm x86_64: dc71d5ad852ce569f744e405afadd05d9e5c48b8fb998374b6630054bcd41460 thunderbird-38.5.0-1.el5.centos.x86_64.rpm Source: 698da45cda1e00d77e9a6222c613c91274840e80e1e56259a4301942094caa2c thunderbird-38.5.0-1.el5.centos.src.rpm
A number of issues exist in the content management system Drupal that could lead to code execution and the theft of database credentials via a man-in-the-middle attack, a researcher warns.
CentOS Errata and Security Advisory 2016:0001 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0001.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: dd947c6de043a4e0eadb46b19fe7b6c54807aabcea5b5e55e0c872d9d508d78f thunderbird-38.5.0-1.el6.centos.i686.rpm x86_64: 1803156e283ae500bfa4b0611ab19ec5ab055ceb9c58863f56b81e50a3f7d7a4 thunderbird-38.5.0-1.el6.centos.x86_64.rpm Source: 12400b151d4ad5f8c0f5e00f5da02d75cccc81b6fe0b33433bc55ffeb375b4f5 thunderbird-38.5.0-1.el6.centos.src.rpm
WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L.
There were also several non-security bug fixes:
WordPress 4.4.1 fixes 52 bugs from 4.4. For more information, see the release notes or consult the list of changes.
Download WordPress 4.4.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.1.
Thanks to everyone who contributed to 4.4.1:
Aaron D. Campbell, Aaron Jorbin, Andrea Fercia, Andrew Nacin, Andrew Ozz, Boone Gorges, Compute, Daniel Jalkut (Red Sweater), Danny van Kooten, Dion Hulse, Dominik Schilling (ocean90), Dossy Shiobara, Evan Herman, Gary Pendergast, gblsm, Hinaloe, Ignacio Cruz Moreno, jadpm, Jeff Pye Brook, Joe McGill, John Blackbourn, jpr, Konstantin Obenland, KrissieV, Marin Atanasov, Matthew Ell, Meitar, Pascal Birchler, Peter Wilson, Roger Chen, Ryan McCue, Sal Ferrarello, Scott Taylor, scottbrownconsulting, Sergey Biryukov, Shinichi Nishikawa, smerriman, Stephen Edgar, Stephen Harris, tharsheblows, voldemortensen, and webaware.
Wi-Fi in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Wi-Fi information by leveraging access to the local physical environment, aka internal bug 25266660.
mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.