Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 514
Alerts This Week
Warning Icon 1 514

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 98 articles for you...
87

Debian: DSA-5685-1 Critical: WordPress Multiple Security Issues

Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5685-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Markus Koschany May 08, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress CVE ID : CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999 CVE-2024-31210 Debian Bug : 1036296 Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack. Furthermore this update resolves a possible cross-site-scripting vulnerability, a PHP File Upload bypass via the plugin installer and a possible remote code execution vulnerability which requires an attacker to control all the properties of a deserialized object though. For the oldstable distribution (bullseye), these problems have been fixed in version 5.7.11+dfsg1-0+deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 6.1.6+dfsg1-0+deb12u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at:https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Urgent Ubuntu Notice USN-5000-1 highlights vulnerabilities in Joomla; update software to protect against potential data leaks and ensure application integrity.. WordPress Security Advisory, Debian Security Updates, WordPress Vulnerability Management. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 08, 2024 Critical Debian
197

Debian 10 Buster DLA-3756-1 Critical: Wordpress Remote Code Execution

Two security vulnerabilities have been discovered in Wordpress, a popular content management framework, a PHP File Upload bypass via the plugin installer and a possible remote code execution vulnerability which requires an attacker to control all the properties of a deserialized object. No CVE have . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3756-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany March 10, 2024 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : wordpress Version : 5.0.21+dfsg1-0+deb10u1 CVE ID : not yet available Two security vulnerabilities have been discovered in Wordpress, a popular content management framework, a PHP File Upload bypass via the plugin installer and a possible remote code execution vulnerability which requires an attacker to control all the properties of a deserialized object. No CVE have been assigned for these problems yet. https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/ For Debian 10 buster, this problem has been fixed in version 5.0.21+dfsg1-0+deb10u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance your Wordpress installations to remediate severe vulnerabilities disclosed in Debian's recent notice DLA-3756-1.. Wordpress Security Update, Debian LTS, Content Management Framework. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 10, 2024 Critical Debian LTS
197

Debian 10: DLA-3659-1 Moderate: WordPress Data Breach Risk

Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3658-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany November 20, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : wordpress Version : 5.0.20+dfsg1-0+deb10u1 CVE ID : CVE-2023-5561 CVE-2023-39999 Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack. For Debian 10 buster, these problems have been fixed in version 5.0.20+dfsg1-0+deb10u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Critical WordPress patch released to mitigate data leaks on Debian LTS. Immediate upgrade advised for enhanced security.. WordPress Security, Debian Information Exposure, CMS Security Updates. . LinuxSecurity.com Team

Calendar%202 Nov 20, 2023 Debian LTS
89

Fedora 37: FEDORA-2023-c1535224de Moderate: WordPress Exposure Risk

WordPress 6.2.3 Security Release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-c1535224de 2023-10-25 01:23:41.902221 -------------------------------------------------------------------------------- Name : wordpress Product : Fedora 37 Version : 6.2.3 Release : 1.fc37 URL : https://wordpress.org/ Summary : Blog tool and publishing platform Description : Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora -------------------------------------------------------------------------------- Update Information: WordPress 6.2.3 Security Release -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 16 2023 Remi Collet - 6.2.3-1 - WordPress 6.2.3 Security Release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2244113 - CVE-2023-39999 wordpress: potential sensitive information exposure from unauthorized actors https://bugzilla.redhat.com/show_bug.cgi?id=2244113 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-c1535224de' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . WordPress 6.2.3 security patch resolves vulnerabilities related to potential data leakage; update now accessible.. WordPress Security, Fedora Wordpress, DNF Update Guidance. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 25, 2023 Important Fedora
197

Debian 10: DLA-3462-1 Critical: WordPress Directory Traversal Issue

Several security vulnerabilities have been addressed in Wordpress, a popular content management framework. WordPress Core is vulnerable to Directory Traversal via the ‘wp_lang’ . -------------------------------------------------------------------------Debian LTS Advisory DLA-3462-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany June 21, 2023 https://wiki.debian.org/LTS -------------------------------------------------------------------------Package : wordpress Version : 5.0.19+dfsg1-0+deb10u1 CVE ID : CVE-2023-2745 Debian Bug : 1036296 Several security vulnerabilities have been addressed in Wordpress, a popular content management framework. WordPress Core is vulnerable to Directory Traversal via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack. For Debian 10 buster, this problem has been fixed in version 5.0.19+dfsg1-0+deb10u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS DLA-3463-2 resolves significant vulnerabilities related to path traversal in Joomla. Immediate update advised for enhanced protection.. WordPress Security Update, Directory Traversal, Debian Security Advisory, XSS Risk, Content Management Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 20, 2023 Critical Debian LTS
87

Debian: DSA-5279-2 Critical: Wordpress Threats and Fixes

The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable: this update corrects the problem. For reference, the original advisory text is provided here again: . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5279-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond November 17, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress Debian Bug : 1007005 1018863 1022575 1024249 The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable: this update corrects the problem. For reference, the original advisory text is provided here again: Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. For the stable distribution (bullseye), this problem has been fixed in version 5.7.8+dfsg1-0+deb11u2. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Security Alert DSA-5279-2 outlines vulnerabilities in WordPress addressed in the Debian stable release. It is advised to upgrade for enhanced security.. wordpress Update, Debian Security, Web App Threats. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 17, 2022 Critical Debian
87

Debian DSA-5279-1 Moderate: Wordpress SQL Injection and XSS Threats

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5279-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond November 15, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress Debian Bug : 1007005 1018863 1022575 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. For the stable distribution (bullseye), this problem has been fixed in version 5.7.8+dfsg1-0+deb11u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Notice DSA-5280-1 tackles various vulnerabilities in Drupal, enhancing the security of web content management systems.. Wordpress Security, Debian Advisory, SQL Injection, XSS Risks, CSRF Protection. . LinuxSecurity.com Team

Calendar%202 Nov 15, 2022 Debian
197

Debian 10: DLA-3163-1 Critical: WordPress SQL Injection and XSS

Several security vulnerabilities have been discovered in Wordpress, a popular content management framework. Possible SQL injection and cross-site scripting (XSS) flaws may allow a remote attacker to execute arbitrary code or facilitate the injection of client-side scripts. . -------------------------------------------------------------------------Debian LTS Advisory DLA-3163-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany October 26, 2022 https://wiki.debian.org/LTS -------------------------------------------------------------------------Package : wordpress Version : 5.0.18+dfsg1-0+deb10u1 CVE ID : not yet available Several security vulnerabilities have been discovered in Wordpress, a popular content management framework. Possible SQL injection and cross-site scripting (XSS) flaws may allow a remote attacker to execute arbitrary code or facilitate the injection of client-side scripts. For Debian 10 buster, this problem has been fixed in version 5.0.18+dfsg1-0+deb10u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Numerous vulnerabilities found in Joomla can lead to unauthorized script injection or code execution. Update to Ubuntu 20.04 to enhance security.. WordPress Fix, Debian Security Patch, SQL Injection Remediation, XSS Protection. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 26, 2022 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200