Top Navigation

Archive | February, 2016

Glibc Vulnerability – RHEL/CentOS 6/7, Ubuntu, Debian

On 16 February 2016, Red Hat identified the glibc getaddrinfo stack-based buffer overflow vulnerability as described here:

Critical security flaw: glibc stack-based buffer overflow in getaddrinfo() (CVE-2015-7547)

This vulnerability is rated Critical and has been confirmed to impact RHEL 6, RHEL 7, CentOS 6, CentOS 7, Debian and Ubuntu.

Linux vendors have released updates to address this vulnerability. It is critically important that all vulnerable servers be updated as soon as possible.

If you need help to determine if you are vulnerable or if you need assistance with upgrading the please contact Reliable Penguin at 866-649-7984 or support@reliablepenguin.com.

 

 

 

 

WordPress 4.4.2 Security Release

There was an important WordPress security release today. Here’s the release notes:

— start —

WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.

Thank you to both reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes.

Download WordPress 4.4.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.

— end —

As stated in the release, all WordPress users are advised to upgrade immediately to one of the following versions:

3.7.13

3.8.13

3.9.11

4.0.10

4.1.10

4.2.7

4.3.3

4.4.2

If you need assistance with upgrading, please contact Reliable Penguin at support@reliablepenguin.com or 866-649-7984.