Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Debian 8 Jessie DLA-1452-1 Critical: WordPress Remote Code Execution

debian lts
Calendar Grey July 30, 2018
Dist Debian Esm H88
A crucial security patch for WordPress in Debian 8 Jessie tackles severe vulnerabilities that could lead to remote code execution and denial of service attacks.
Two vulnerabilities were discovered in wordpress, a web blogging tool

Summary

The oEmbed protocol implementation in WordPress before 4.5.3 allows
remote attackers to cause a denial of service via unspecified
vectors.

CVE-2018-12895

A vulnerability was discovered in Wordpress, a web blogging tool. It
allowed remote attackers with specific roles to execute arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
4.1+dfsg-1+deb8u18.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: wordpress
Version: 4.1+dfsg-1+deb8u18
CVE ID: CVE-2016-5836 CVE-2018-12895
Debian Bug: 902876

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here