OS X Server v2.2.2 Security Update

Apple has released updates to OS X Server. Some of the updates for the applications below fix issues that may lead to arbitrary code execution, so it's important to update as soon as possible through Software Update.
Wiki Server

More information:

WordPress Fixes Multiple Vulnerabilities With 3.6.1 Release

According to the announcement post, this maintenance release addresses 13 bugs in version 3.6.

Additionally, version 3.6.1 fixes three security issues:

Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338.
Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339.
Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340.

More information:

Oracle Patch Update April 2013

Oracle has released patch information for its April 2013 updates. The update contains 128 security patches, many of them critical and for Java! Because of this, we advise users to update their applications as soon as possible!

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

Oracle Database 11g Release 2, versions,
Oracle Database 11g Release 1, version
Oracle Database 10g Release 2, versions,,
Oracle Application Express, versions prior to 4.2.1
Oracle Containers for J2EE, version
Oracle COREid Access, version
Oracle GoldenGate Veridata, version
Oracle HTTP Server, versions,,
Oracle JRockit, versions R27.7.4 and earlier, R28.2.6 and earlier
Oracle Outside In Technology, versions 8.3.7, 8.4.0
Oracle WebCenter Capture, version
Oracle WebCenter Content, versions,
Oracle WebCenter Interaction, versions 6.5.1,
Oracle WebCenter Sites, versions 7.6.2,,
Oracle WebLogic Server, versions 10.0.2, 10.3.5, 10.3.6, 12.1.1
Oracle Web Services Manager, version
Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version
Oracle Agile EDM, versions,,
Oracle Transportation Management, versions 5.5.05, 6.2
Oracle PeopleSoft HRMS, version 9.1
Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
Oracle Siebel CRM, versions 8.1.1, 8.2.2
Oracle Clinical Remote Data Capture Option, versions 4.6.0, 4.6.6
Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4
Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2
Oracle FLEXCUBE Direct Banking, versions 2.8.0 – 12.0.1
Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2
Oracle and Sun Systems Product Suite
Oracle Sun Middleware Products
Oracle MySQL Server, versions 5.1, 5.5, 5.6
Oracle Automatic Service Request, versions prior to 4.3.2

More information:

Security updates available for Adobe Flash Player, ColdFusion and Shockwave Player

Adobe has announced security updates to its Flash Player, ColdFusion and Shockwave Player families. Users are advised to update as soon as they can to avoid being exploited.

More information: