WordPress plugin advisories ...
FYI...
"WordPress Plugin" search results ...
- https://secunia.com/advisories/searc...rdPress+Plugin
Found: 415 Secunia Security Advisories ...
Aug 31, 2012
- http://nakedsecurity.sophos.com/2012...alware-attack/
"... ensure that any software you run on your web server is also properly secured, and kept patched and current (that includes blogging software like WordPress and any plugins that it might use)."
Safari v6, Apple Xcode v4.4 released
FYI...
Safari v6 released
- http://support.apple.com/kb/HT5400
July 25, 2012
> http://lists.apple.com/archives/secu.../msg00000.html
APPLE-SA-2012-07-25-1 Safari 6.0
- https://secunia.com/advisories/50058/
Release Date: 2012-07-26
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to Safari version 6.0 via Apple Software Update.
- http://www.securitytracker.com/id/1027307
CVE Reference: CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3913, CVE-2012-0678, CVE-2012-0679, CVE-2012-0680, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-2815, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3599, CVE-2012-3600, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3615, CVE-2012-3618, CVE-2012-3620, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3650, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3674, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3686, CVE-2012-3689, CVE-2012-3690, CVE-2012-3691, CVE-2012-3693, CVE-2012-3694, CVE-2012-3695, CVE-2012-3696, CVE-2012-3697
Jul 26 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 6.0 ...
___
Apple Xcode v4.4 released
- https://secunia.com/advisories/50068/
Release Date: 2012-07-26
Impact: Hijacking, Security Bypass, Exposure of sensitive information
Where: From remote
CVE Reference(s): CVE-2011-3389, CVE-2012-3698
... weakness and the vulnerability are reported in versions prior to 4.4.
Solution: Update to version 4.4 via the Apple Developer site or via the App Store.
Original Advisory: APPLE-SA-2012-07-25-2:
http://support.apple.com/kb/HT5416
- http://www.securitytracker.com/id/1027302
CVE Reference: CVE-2012-3698
Jul 26 2012
Impact: Disclosure of authentication information, Disclosure of user information
Version(s): prior to 4.4
- http://www.securitytracker.com/id/1027303
CVE Reference: CVE-2011-3389
Jul 26 2012
Impact: Disclosure of user information
Version(s): prior to 4.4
PHP v5.4.6, 5.3.16 released
FYI...
- http://www.php.net/
16-Aug-2012 - "... immediate availability of PHP 5.4.6 and PHP 5.3.16. These releases fix over 20 bugs. All users of PHP are encouraged to upgrade..."
Download
- http://www.php.net/downloads.php
ChangeLog
- http://www.php.net/ChangeLog-5.php
OpenOffice v3.4.1 released
FYI...
- https://blogs.apache.org/OOo/entry/a...penoffice_3_41
Aug 23, 2012 - "... OpenOffice 3.4.1 can be downloaded now from http://www.openoffice.org/download/ or by going to the 'Help/Check for Updates' dialog within OpenOffice 3.4 or 3.3..."
Release notes
- http://www.openoffice.org/developmen...ses/3.4.1.html
"... there were 69 verified issues that have been resolved..."
(More detail at the URL above.)
- http://h-online.com/-1674083
23 August 2012
___
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2665 - 7.5 (HIGH)
Last revised: 09/07/2012
- http://www.openoffice.org/security/c...2012-2665.html
Versions Affected:
Apache OpenOffice 3.4.0, all languages, all platforms.
Earlier versions of OpenOffice.org may be also affected.
... upgrade to Apache OpenOffice 3.4.1...
- https://secunia.com/advisories/50438/
Release Date: 2012-08-28
Criticality level: Highly critical
Solution: Update to version 3.4.1.
Thunderbird v15.0 released
FYI...
- https://www.mozilla.org/en-US/thunde...0/releasenotes
August 28, 2012 ... See Known Issues
Security Advisories
- https://www.mozilla.org/security/kno...#thunderbird15
Fixed in Thunderbird 15 ...
Bugs fixed
- https://www.mozilla.org/en-US/thunde...s/buglist.html
Download
- https://www.mozilla.org/thunderbird/all.html
___
- http://www.securitytracker.com/id/1027452
CVE Reference: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3974, CVE-2012-3975, CVE-2012-3978, CVE-2012-3980
Aug 29 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to ESR 10.0.7; prior to 15.0
- https://secunia.com/advisories/50308/
Release Date: 2012-08-29
Criticality level: Highly critical
Impact: Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
For more information: https://secunia.com/SA50088/
Solution: Upgrade to version 15...
___
- http://h-online.com/-1677823
29 August 2012
WordPress v3.4.2 released
FYI...
- http://wordpress.org/download/
September 6, 2012 - "The latest stable release of WordPress (Version 3.4.2) is available..."
WordPress 3.4.2 Maintenance and Security Release
- https://wordpress.org/news/2012/09/wordpress-3-4-2/
September 6, 2012 - "WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions... we’ve identified and fixed a number of nagging bugs, including:
• Fix some issues with older browsers in the administration area.
• Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
• Improve plugin compatibility with the visual editor.
• Address pagination problems with some category permalink structures.
• Avoid errors with both oEmbed providers and trackbacks.
• Prevent improperly sized header images from being uploaded.
Version 3.4.2 also fixes a few security issues and contains some security hardening..."
- https://secunia.com/advisories/50515/
Release Date: 2012-09-07
Impact: Unknown, Security Bypass
Where: From remote
... security issue and vulnerability are reported in versions prior to 3.4.2.
Solution: Update to version 3.4.2.
Original Advisory: http://wordpress.org/news/2012/09/wordpress-3-4-2/
- http://h-online.com/-1702501
7 Sep 2012
___
"WordPress Plugin" search results ...
- https://secunia.com/advisories/searc...rdPress+Plugin
Found: 432 Secunia Security Advisories ...
Oct 15, 2012
Safari v6.0.1 / Mac OS X Security Update 2012-004
FYI...
Apple security updates
- https://support.apple.com/kb/HT1222
3x - 19 Sept 2012
___
Safari v6.0.1 for Mac OS X
- https://secunia.com/advisories/50577/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, System access
Where: From remote...
Solution: Update to version 6.0.1...
Original Advisory: Apple:
http://support.apple.com/kb/HT5502
> http://lists.apple.com/archives/secu.../msg00005.html
APPLE-SA-2012-09-19-3 Safari 6.0.1
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 and v10.8.1
- http://www.securitytracker.com/id/1027550
CVE Reference: CVE-2012-3713, CVE-2012-3714, CVE-2012-3715, CVE-2012-3598
Date: Sep 20 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): prior to 6.0.1
___
Mac OS X multiple vulns - Security Update 2012-004
- https://secunia.com/advisories/50628/
Release Date: 2012-09-20
Criticality level: Highly critical
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote...
Solution: Update to version 10.8.2 or 10.7.5 or apply Security Update 2012-004.
- http://lists.apple.com/archives/secu.../msg00004.html
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
- http://www.securitytracker.com/id/1027551
CVE Reference: CVE-2012-0650, CVE-2012-3716, CVE-2012-3718, CVE-2012-3719, CVE-2012-3720, CVE-2012-3721, CVE-2012-3722, CVE-2012-3723
Sep 20 2012
Impact: Denial of service via network, Disclosure of authentication information, Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
... vendor's advisory is available at:
http://support.apple.com/kb/HT5501