New WatchGuard XTM 330 Appliance Gets Top Honors from PC Pro Magazine
WordPress 3.4.1 is now available for download. WordPress 3.4 has been a very smooth release, and copies are flying off the shelf — 3 million downloads in two weeks!Â This maintenance release addressesÂ 18 bugs with version 3.4, including:
Version 3.4.1 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as an bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
Download 3.4.1Â now or visit Dashboard â Updates in your site admin to update now.
Green was a bit green
We have hardened it up some
Update WordPress now
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. (CVSS:2.6) (Last Update:2013-05-14)
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.
Rene Engelhard uploaded new packages for libreoffice which fixed the following security problem: CVE-2012-1149 Integer overflows in PNG image handling For the squeeze-backports distribution the problems have been fixed in version 1:3.4.6-2~bpo60+2.
Micah Anderson uploaded new packages for strongswan which fixed the following security problems: CVE-2012-2388 An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder. For the squeeze-backports distribution the problems have been fixed in version 4.5.2-1.4~bpo60+1