WordPress 4.5.3 Maintenance and Security Release

WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported […]

Mozilla-supported Let’s Encrypt goes out of Beta

In 2014, Mozilla teamed up with Akamai, Cisco, the Electronic Frontier Foundation, Identrust, and the University of Michigan to found Let’s Encrypt in order to move the Web towards universal encryption. Today, Let’s Encrypt is leaving beta. We here at …

Fedora’s not DROWNing

In the continuing line of security vulnerabilities with cute names like Heartbleed or Shellshock, today we have “DROWN.” About DROWN DROWN comes complete with its own fancy website and, of course, logo. Officially, it’s been designated as CVE-2016-0800. Red Hat’s security team…

Stickers, Metrics, Security, and More — it’s Five Things in Fedora This Week

Fedora is a big project, and it’s hard to keep up with everything. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Get Fedora Stickers…

GPG key management, part 2

Welcome back to the GPG series, where we are exploring how to make use of GPG with other applications to secure and protect your data. In the first installment, we covered the functions of GPG. You learned about integrity, non-repudiation…

WordPress 4.4.2 Security and Maintenance Release

WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affected by two security issues: a possible XSS for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar. Thank you […]

GPG key management, part 1

Welcome back to the GPG series, where we are exploring how to make use of GPG with other applications to secure and protect your data. This installment will cover key creation, key revocation certificate creation, and sending the public key to…

GPG: a Fedora primer

GPG, or GnuPG, refers to the Gnu Privacy Guard utility. GPG is a freely available implementation of the OpenPGP standard that was released by Werner Koch in 1999. The security and privacy of data and individuals is an important topic in modern culture. The…

Elections (Vote Now!), Atomic, OpenQA, Let’s Encrypt, and GNOME shortcut key design

Don’t Forget to Vote! The 2015 November / December Fedora Elections officially began last Monday, and voting closes today (December 14th) at 23:59:00 UTC. Watch the timezone — that’s a lot sooner than midnight in many parts of the world…

LetsEncrypt now available in Fedora

LetsEncrypt recently entered into a public beta. Thanks to the work of the LetsEncrypt team and Fedora packagers, the official LetsEncrypt client is now available in both Fedora 23 and Rawhide. To learn how LetsEncrypt works or what it is, you can read…

LetsEncrypt enters public beta

LetsEncrypt is an initiative being sponsored by several different organizations including Mozilla and the Electronic Frontier Foundation following from recent privacy discussions in various communities last year. The key goal is to provide free, easy encryption via free SSL certificates…

The Security Wranglers of Fedora

The deluge of software vulnerabilities creates challenges for system administrators, developers, and users. Although many vulnerabilities are corner cases that are often difficult to exploit and have limited effects, there are the occasional vulnerabilities that become front page news. Many…

WordPress 4.2.4 Security and Maintenance Release

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí […]

WordPress 4.2.1 Security Release

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen. […]

WordPress 4.1.2 Security Release

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by […]

Let’s say goodbye to Mageia 3

It’s been a great run, but all good things must end. Or at least, upgrade to a greater thing. Since Mageia 3 was released in May 2013 our packaging and security teams have provided hundreds of updates (actually 1136 source packages …

Lollipop’s Encryption Takes a Hefty Toll

The new full-disk encryption feature that’s enabled by default in Android 5.0 Lollipop comes at a hefty price in terms of performance, according to a recent benchmark report.
In fact, when full-disk encryption is enabled, random read performance drops by 62.9 percent, while random write performance falls by 50.5 percent, AnandTech reported late last week.

WordPress 4.0.1 Security Release

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be […]

As Philae, Mageia 3 is running out of batteries…

As you all know, we can’t maintain Mageia releases forever. And it’s time to say goodbye to Mageia 3. After Wednesday the 26th of November, this release won’t benefit from any more security or bugfix updates. This will allow QA …

ownCloud Ubuntu Package Affected By Multiple Critical Security Issues, Nobody To Fix It

ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) be removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for which no fixes have been backported. He adds that: “Those security bugs allows an unauthenticated attacker to gain complete […]