Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora 21: 2015-12148 Moderate: WordPress Cross-Site Scripting Threat

fedora
Calendar Grey August 13, 2015
Dist Fedora Esm H88
WordPress version 5.0.1 has been released. This critical update resolves several security vulnerabilities; all users are urged to upgrade without delay.
**WordPress 4.2.4 Security and Maintenance Release** WordPress 4.2.4 is now available

Summary

Wordpress is an online publishing / weblog package that makes it very easy,

almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

Update Information:

**WordPress 4.2.4 Security and Maintenance Release**

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see: the release notes or consult the list of changes. * the release notes: https://wordpress.org/documentation/word...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate Fedora cross-site scripting SQL injection security release WordPress

Change Log

* Tue Aug 4 2015 Remi Collet - 4.2.4-1 - WordPress 4.2.4 Security and Maintenance Release * Fri Jul 24 2015 Remi Collet - 4.2.3-1 - WordPress 4.2.3 Security and Maintenance Release * Thu May 7 2015 Remi Collet - 4.2.2-1 - WordPress 4.2.2 Security and Maintenance Release * Tue Apr 28 2015 Remi Collet - 4.2.1-1 - WordPress 4.2.1 Security Release - WordPress 4.2 “Powell” * Fri Apr 24 2015 Remi Collet - 4.1.3-1 - WordPress 4.1.3 Maintenance Release * Thu Apr 23 2015 Remi Collet - 4.1.2-1 - WordPress 4.1.2 Security Release * Thu Feb 19 2015 Remi Collet - 4.1.1-1 - WordPress 4.1.1 Maintenance Release * Mon Dec 22 2014 Remi Collet - 4.1-1 - WordPress 4.1 “Dinah” * Fri Nov 21 2014 Remi Collet - 4.0.1-1 - WordPress 4.0.1 Security Release * Tue Sep 30 2014 Remi Collet - 4.0-3 - use system php-getid3 when available #1145574

References


[ 1 ] Bug #1246396 - CVE-2015-5622 CVE-2015-5623 wordpress: cross-site scripting and permission issue fixed in wordpress 4.2.3 https://bugzilla.redhat.com/show_bug.cgi?id=1246396 [ 2 ] Bug #1250583 - CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734 wordpress: cross-site scripting vulnerabilities and a potential SQL injection https://bugzilla.redhat.com/show_bug.cgi?id=1250583

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update wordpress' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: wordpress
Product: Fedora 21
Version: 4.2.4
Release: 1.fc21
URL: https://wordpress.org/
Summary: Blog tool and publishing platform

Topics%20covered

Topics Covered

security advisory moderate Fedora cross-site scripting SQL injection security release WordPress

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here