WordPress 4.5.2 Security Release
FYI...
- https://wordpress.org/news/2016/05/wordpress-4-5-2/
May 6, 2016 - "WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues..."
Release notes
- https://codex.wordpress.org/Version_4.5.2
Changelog
- https://codex.wordpress.org/Version_4.5.2
Download
> https://wordpress.org/download/
"The latest stable release of WordPress (Version 4.5.2) is available..."
___
- http://www.securitytracker.com/id/1035818
CVE Reference: CVE-2016-4566, CVE-2016-4567
May 10 2016
Version(s): 4.5.1 and prior ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the WordPress software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (4.5.2)...
___
- https://www.us-cert.gov/ncas/current...curity-Updates
May 09, 2016
iOS 9.3.2, iTunes 12.4, Safari 9.1.1, OS X v10.11.5, tvOS 9.2.1 released
FYI...
- https://support.apple.com/en-us/HT201222
iOS 9.3.2 update appears to be bricking iPads
- http://www.theregister.co.uk/2016/05..._bricks_ipads/
17 May 2016 - "... Reports of borked iPads emerged on Twitter thanks reportedly to a hardware issue requiring users to possibly restore their devices or contact support... Users have Tweeted* to Apple Support (@AppleSupport) with complaints their iPads -cannot- be restored through iTunes..."
* https://twitter.com/AppleSupport/with_replies
___
iOS 9.3.2
- https://support.apple.com/en-us/HT206568
Last Modified: May 23, 2016 - "Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later..."
> http://www.securitytracker.com/id/1035890
CVE Reference: CVE-2016-1790, CVE-2016-1801, CVE-2016-1802, CVE-2016-1803, CVE-2016-1807, CVE-2016-1808, CVE-2016-1811, CVE-2016-1813, CVE-2016-1814, CVE-2016-1817, CVE-2016-1818, CVE-2016-1819, CVE-2016-1823, CVE-2016-1824, CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831, CVE-2016-1832, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-1841, CVE-2016-1842, CVE-2016-1847, CVE-2016-1852
May 17 2016
Version(s): prior to 9.3.2 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause the target system to crash.
A remote or local user can obtain potentially sensitive information on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (9.3.2)...
___
iTunes 12.4
- https://support.apple.com/en-us/HT206379
May 16, 2016 - "Available for: Windows 7 and later..."
> http://www.securitytracker.com/id/1035887
CVE Reference: CVE-2016-1742
May 17 2016
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 12.4 ...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (12.4)...
___
Safari 9.1.1
- https://support.apple.com/en-us/HT206565
May 16, 2016 - "Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5..."
> http://www.securitytracker.com/id/1035888
CVE Reference: CVE-2016-1849, CVE-2016-1854, CVE-2016-1855, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859
May 17 2016
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 9.1.1 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (9.1.1)...
___
OS X El Capitan v10.11.5 and Security Update 2016-003
- https://support.apple.com/en-us/HT206567
May 16, 2016
> http://www.securitytracker.com/id/1035895
CVE Reference: CVE-2016-1791, CVE-2016-1792, CVE-2016-1793, CVE-2016-1794, CVE-2016-1795, CVE-2016-1796, CVE-2016-1797, CVE-2016-1798, CVE-2016-1799, CVE-2016-1800, CVE-2016-1804, CVE-2016-1805, CVE-2016-1806, CVE-2016-1809, CVE-2016-1810, CVE-2016-1812, CVE-2016-1815, CVE-2016-1816, CVE-2016-1820, CVE-2016-1821, CVE-2016-1822, CVE-2016-1825, CVE-2016-1826, CVE-2016-1843, CVE-2016-1844, CVE-2016-1846, CVE-2016-1848, CVE-2016-1850, CVE-2016-1851, CVE-2016-1853
May 17 2016
Fix Available: Yes
Vendor Confirmed: Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote or local user can modify data on the target system.
A remote user can cause denial of service conditions.
A local user can obtain elevated privileges on the target system.
A remote user can gain elevated privileges on the target system.
Solution: The vendor has issued a fix (10.11.5 and Security Update 2016-003)...
___
tvOS 9.2.1
- https://support.apple.com/en-us/HT206564
May 16, 2016
> http://www.securitytracker.com/id/1035893
May 17 2016
___
watchOS 2.2.1
- https://support.apple.com/en-us/HT206566
May 16, 2016
> http://www.securitytracker.com/id/1035894
May 17 2016
___
- https://www.us-cert.gov/ncas/current...curity-Updates
May 16, 2016
Thunderbird 45.1.1 released
FYI...
- https://www.mozilla.org/en-US/thunde.../releasenotes/
May 31, 2016
What’s New:
Fixed: When entering members into a mailing list, the enter key dismissed the panel instead of just moving onto the next line
Fixed: Email without HTML elements was sent as HTML, despite "Delivery Format: Auto-detect" option
Fixed: Options applied to a template were lost when the template was used.
Fixed: Contacts could not be deleted when they were found through a search
Fixed: Views from global searches did not respect "mail.threadpane.use_correspondents"
- https://www.mozilla.org/en-US/securi...s/thunderbird/
> https://www.mozilla.org/en-US/thunderbird/releases/
>> https://www.mozilla.org/en-US/thunderbird/all/
___
Thunderbird 45.1.0 released
- https://www.mozilla.org/en-US/thunde.../releasenotes/
May 10, 2016
What’s New
Fixed:
- Drag & Drop a contact name from Thunderbird address book (list view) to address box in a new message “compose” window failed.
- UI elements became larger when moused over on retina displays/monitor on Mac OS X
- Automatic correspondents column upgrade disabled
- DIGEST-MD5 authentication in JS-XMPP failed for some users (now disabled).
- Font indicator in compose falsely claimed certain fonts were not installed.
- Printing failed in composition window.
- Various security fixes*
- Various improvements in handling of message compose in paragraph mode.
* https://www.mozilla.org/en-US/securi...hunderbird45.1
Fixed in Thunderbird 45.1
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
> https://www.mozilla.org/en-US/thunderbird/releases/
>> https://www.mozilla.org/en-US/thunderbird/all/
Adblock Plus 1.12 for Chrome, Opera and Safari released
FYI...
- https://adblockplus.org/releases/adb...afari-released
2016-06-01
Install Adblock Plus 1.12 for Chrome
Install Adblock Plus 1.12 for Opera
Install Adblock Plus 1.12 for Safari (Safari 6 or higher required)
This release features experimental Safari Content Blocking support. So if you’re on Safari 9, you can try out the new (faster) blocking mechanism now by enabling it in the options. But please read the announcement* first; as that feature is still experimental and Content Blockers have some limitations, there are some caveats. However, Content Blockers will eventually completely replace the old mechanism we relied on so far on Safari.
* https://adblockplus.org/development-...ocking-support
There also have been some bug fixes and other improvements for all platforms which are listed below, and some changes under the hood which aren’t visible to the user.
Changes:
- Improved performance of element hiding, reducing page load times (issue 235, issue 4038, issue 4036).
- Fixed a regression, introduced with the previous release, which caused the Adblock Warning Removal List to not be added anymore (issue 3772).
- Prevent websites from circumventing element hiding by removing or disabling the stylesheet (issue 3699).
- Prevent websites from showing previously blocked elements (issue 3840).
Chrome/Opera-only changes:
- Added an option to hide the Adblock Plus developer tools panel (issue 3796).
- Prevent websites from tricking users into adding subscriptions by simulating clicks on abp:subscribe links (issue 3828).
- Worked around a Chrome bug that broke the feedback functionality on blogger.com (issue 2687).
- Administrators deploying Adblock Plus via group policy can now configure additional subscriptions (issue 3801).
- Starting with this release, there are unified builds for Chrome and Opera, using the exact same code on both browsers (issue 3760).
Safari-only changes:
- Added experimental support for Safari Content Blocking (see above, issue 3687).
- Fixed: Wrong domain was whitelisted by icon menu after navigating through the history (issue 3924)...
Apple - AirPort Base Station - Firmware Update
FYI...
Apple - AirPort Base Station - Firmware Update 7.6.7 and 7.7.7
- https://support.apple.com/en-us/HT206849
Jun 20, 2016
- http://www.securitytracker.com/id/1036136
CVE Reference: CVE-2015-7029
Jun 21 2016
Fix Available: Yes
Vendor Confirmed: Yes ...
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (7.6.7, 7.7.7)...
- https://www.us-cert.gov/ncas/current...ecurity-Update
June 21, 2016
Avast to acquire AVG - $1.3B
FYI...
- https://www.yahoo.com/news/avast-acq...--finance.html
July 7, 2016 PRAGUE (AP) - "Avast Software says it is acquiring its anti-virus rival AVG Technologies N.V. in a $1.3 billion deal. Prague-based Avast says it is ready to pay $25 per share in cash for Amsterdam-based AVG, 33 percent above Wednesday's closing price on the New York Stock Exchange after the two signed a deal on it. Avast said Thursday the deal is meant to "gain scale, technological depth and geographical breadth." It aims to "take advantage of emerging growth opportunities in internet security as well as organizational efficiencies" with a goal to becoming serious competition for the global leaders in the internet security business. The companies have over 400 million users combined. Avast says the transaction is expected to close between Sept 15 and Oct 15..."