WordPress 2.6.2 released for security reasons
Free blog software WordPress notifies of a security update in its 2.6.2 version.
The WordPress security breaches were discoverd by Stefan Esser. They are based partly on SQL column truncation and partly on the weakness of the mt_rand() function. These breaches are especially noticeable if open registration is allowed on the blog. An immediate WordPress upgrade is recommended for such blogs.
As the developers make clear in their announcement, it is possible in WordPress to reset another user's password. Taken alone this may be a mere annoyance to users, but combined with the weakness of the mt_rand() function there is a risk that the randomly generated password can be predicted. The discoverer of this security breach will release details soon. Possible other PHP applications are susceptible, according to the WordPress Blog. The project recommends a patch, but certainly an upgrade to 2.6.2 in case open user registration is enabled. The upgrade also includes a number of bug fixes.
Issue 230/2020
Buy this issue as a PDF
News
-
Linux Mint 19.3 Will be Released by Christmas
The developers behind Linux Mint have announced 19.3 will be released by Christmas 2019.
-
Linux Kernel 5.4 Released
A number of new changes and improvements have reached the Linux kernel.
-
System76 To Design And Build Laptops In-House
In-house designed and built laptops coming from System76.
-
News and views on the GPU revolution in HPC and Big Data:
-
The PinePhone Pre-Order has Arrived
Anyone looking to finally get their hands on an early release of the PinePhone can do so as of November 15.
-
Microsoft Edge Coming to Linux
Microsoft is bringing it’s new Chromium-based Edge browser to Linux.
-
Open Invention Network Backs Gnome Project Against Patent Troll
OIN has deployed its legal team to find prior art.
-
Fedora 31 Released
The latest version of Fedora comes with new packages and libraries.
-
openSUSE OBS Can Now Build Windows WSL Images
openSUSE enables developers to build their own WSL distributions.
-
Sudo Vulnerability
A vulnerability in the sudo package gives sudo users more powers than they deserve.