Xen security updates issued

Simply patching systems against the Bash/Shellshock vulnerability may not be adequate. Attacks exploiting the flaw appeared within a day of its disclosure. Those attacks may have made changes to systems that would not be remedied by the application of a patch.

An update for cPanel was just released to address various security vulnerabilities. These updates provide targeted changes to address security concerns with cPanel and WHM. We recommend that you update as soon as possible.

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores ranging from…

An update for Xen was just released to address a vulnerability where a buggy or malicious HVM guest can crash the host or read data relating to other guests or the hypervisor itself. source:hostingseclist

Over the past two years, processors, in particular processors made by Intel, have been targeted by an unending series of attacks that have made it possible for skilled attackers to intercept passwords, encryption keys, and other secrets out of data stored in resident memory.

A serious vulnerability has been discovered in older versions of the popular Code Snippets plugin for WordPress. The flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution…

A vulnerability in Intel’s Active Management Technology (AMT) feature of Intel processors appears relatively easy to abusive. A remote control authentication screen can be bypassed using a blank string through a proxy server. AMT lets sysadmins perform powerful tasks over a remote connection.

Product Description: MariaDB Server is one of the most popular database servers in the world. It is developed by the original creators of the ubiquitous MySQL server and it is guaranteed by the developers to remain open source software. Notable users of MariaDB include Wikipedia, WordPress.com and Google. MariaDB…

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

WordPress 4.7.2 was released last Thursday, January 26th. WordPress have just announced that In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional vulnerability for which disclosure was delayed.

aaPanel is a free and Open source Hosting Control Panel for RHEL and Debian based systems. It is the Internationalized version for the BAOTA panel(www.bt.cn), developed in China. It allows users to manage their web server through a web-based GUI (Graphical User Interface).

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as “high” severity. This defect does not affect the 1.0.0 or 0.9.8 releases.

 Adobe’s first round of security updates for 2019 resolve two critical flaws for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities, CVE-2018-16011 and CVE-2018-19725.

Researchers from universities in Adelaide, Eindhoven, Chicago, Maryland and Pennsylvania have published a paper describing how they used a local side-channel attack to break the Libgcrypt encryption library. The exploit could be used to recover a RSA-1024 key.

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from…