WordPress Version: We are running WordPress 3.8.1 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.
Category Archives: Security Update
Joomla 2.5.19 and 3.2.3 were released today. The new versions fix a number of bugs and fix several security issues. The security fixes include a high priority SQL injection vulnerability fixed in 3.2.3 and a medium priority unauthorized login vulnerability fixed in both versions.
MediaWiki 1.19.12, 1.21.6, and 1.22.3 were released yesterday. The new versions fix several security issues, including blocking the uploading of some potentially malicious files. MediaWiki 1.22.3 also fixes several bugs.
More information is available in the release announcement for 1.19.12, 1.21.6, and 1.22.3.
MediaWiki 1.19.11, 1.21.5, and 1.22.2 were released yesterday. The new versions fix remote code execution vulnerabilities that were exploitable if you have “enabled file upload support for DjVu (natively supported by MediaWiki) or PDF files (in combination with the PdfHandler extension)”. MediaWiki 1.22.2 also fixes a couple of bugs.
More information is available in the release announcement for 1.19.11, 1.21.5, and 1.22.2.
MediaWiki 1.19.10, 1.21.4, and 1.22.1 were released last Tuesday. MediaWiki 1.21.1 fixes several bugs. The new versions also fix security issues that could lead to cross-site scripting (XSS) and sanitization being bypassed.
More information is available in the release announcement for 1.19.10, 1.21.4, and 1.22.1.
Drupal 6.30 and 7.26 were released on Wednesday. The new versions fix a vulnerability that could allow user impersonation through the OpenID module. Drupal 7.26 also fixes a bug that could allow users to see unpublished content they do not have permission to see and provides custom and contributed code to take advantage of an additional security check.
Moodle 2.3.11, 2.4.8, 2.5.5, and 2.6.1 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.
Update (January 21, 2014): Moodle has now released information on the security issues fixed in the releases. The new versions fixed two cross-site request forgery (CSRF) vulnerabilities, a vulnerability that allowed some users to log in as other users, and a bug in all but 2.3.x that sometimes would cause passwords to be recorded in plain text.
Revive Adserver 3.0.2 was released today. The new version fixes a vulnerability in older versions, including its precursor OpenX, that could allow an attacker backend access to the ad server through a SQL injection.
More information is available in the release notice.
Magento 184.108.40.206 was released today. The new version includes tax calculation updates, functionality improvements, and security enhancements. The security enhancements include fixes for possible remote file inclusion (RFI) vulnerabilities and a cross-site scripting vulnerability.
TYPO3 4.5.32, 4.7.17, 6.0.12, and 6.1.7 were released today. The new versions fix a number of security vulnerabilities, including ones that could lead to cross-site scripting (XSS), open redirection, and file deletion. The new versions also include bug fixes.
Drupal 6.29 and 7.24 were released yesterday. The new versions fix a number of security vulnerabilities, including a weakness in cross-site request forgery (CSRF) protection that could lead to remote code execution “in several popular contributed modules”. Drupal rates the security risk of the vulnerabilities to be highly critical. Fixing one of the security vulnerabilities may require manual action to be taken; you can find details of that in the security advisory for the new releases.