Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to “Inadequate filtering” and a “SQL error.” (CVSS:5.0) (Last Update:2012-07-17)
CVE-2012-3829
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. (CVSS:5.0) (Last Update:2012-07-17)
CVE-2012-3828
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. (CVSS:4.3) (Last Update:2012-07-17)
WatchGuard XTM 330 Makes PC Pro "A-List"
WordPress 3.4.1 Maintenance and Security Release
WordPress 3.4.1 is now available for download. WordPress 3.4 has been a very smooth release, and copies are flying off the shelf — 3 million downloads in two weeks! This maintenance release addresses 18 bugs with version 3.4, including:
- Fixes an issue where a theme’s page templates were sometimes not detected.
- Addresses problems with some category permalink structures.
- Better handling for plugins or themes loading JavaScript incorrectly.
- Adds early support for uploading images on iOS 6 devices.
- Allows for a technique commonly used by plugins to detect a network-wide activation.
- Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
Version 3.4.1 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
Download 3.4.1 now or visit Dashboard → Updates in your site admin to update now.
Green was a bit green
We have hardened it up some
Update WordPress now
CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. (CVSS:2.6) (Last Update:2013-05-14)
CVE-2011-4914 (linux_kernel, suse_linux_enterprise_server)
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.
[BSA-074] Security update for libreoffice
Rene Engelhard uploaded new packages for libreoffice which fixed the following security problem:
CVE-2012-1149: Integer overflows in PNG image handling.
For the squeeze-backports distribution the problems have been fixed in version 1:3.4.6-2~bpo60+2.
Oracle Java SE Critical Patch Update Advisory – June 2012
[BSA-073] Security Update for strongswan
Micah Anderson uploaded new packages for strongswan which fixed the following security problems:
CVE-2012-2388: An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.
For the squeeze-backports distribution the problems have been fixed in version 4.5.2-1.4~bpo60+1.