
WordPress 4.2.4 Security and Maintenance Release

2015-08-05 KENNETH 0

Source: https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update [ more… ]


WordPress 4.2.4 Security and Maintenance Release

2015-08-04 KENNETH 0

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites [ more… ]


WordPress 4.3 Release Candidate

2015-07-30 KENNETH 0

The release candidate for WordPress 4.3 is now available. We’ve made more than 100 changes since releasing Beta 4 a week ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.3 on Tuesday, August 18, but we need your help to get there. If you haven’t tested 4.3 yet, now is the time! Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here. To test WordPress 4.3 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip). For more information about what’s new in version 4.3, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog [ more… ]


XE 1.8.7 RELEASE

2015-07-23 KENNETH 0

Source: https://www.xpressengine.com/devlog/23047198 XE 1.8.7 has been released. This version fixes the extended-variable issue that occurs in 1.8.6 and the problem with the file attachment feature in IE8. That is what it says. Download and summary of changes: http://www.xpressengine.com/?mid=download&package_srl=18325662


openssl Alternative chains certificate forgery (CVE-2015-1793)

2015-07-22 KENNETH 0

Source: http://openssl.org/news/secadv_20150709.txt Huh.. when did this issue come out??? After finding out about it belatedly.. I checked the update history on both centos6 and centos7, but there is no record of an update for this issue.. Looking more closely, it says only four versions are affected: 1.0.2c, 1.0.2b, 1.0.1n, 1.0.1o… Fortunately or not, centos does not use those versions, so it is not hit.. lol

Original text:

OpenSSL Security Advisory [9 Jul 2015]
=======================================

Alternative chains certificate forgery (CVE-2015-1793)
======================================================

Severity: High

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. This issue will impact any [ more… ]