Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Fedora 23: 2015-09-25 Moderate: WordPress XSS and Permission Issues

fedora
Calendar Grey September 25, 2015
Dist Fedora Esm H88
WordPress version 4.3.1 has been released, featuring important security patches and a maintenance update that encourages all users to update promptly.
**WordPress 4.3.1 Security and Maintenance Release** [Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/ WordPress 4.3.1 is now available

Summary

Wordpress is an online publishing / weblog package that makes it very easy,

almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

Update Information:

**WordPress 4.3.1 Security and Maintenance Release** [Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/ WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. * WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. * A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team. * Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point. WordPress 4.3.1 also fixes twenty-six bugs. For more information, ...

Topics%20covered

Topics Covered

security advisory fedora software update cross-site scripting permission issue

Change Log

References


[ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1 https://bugzilla.redhat.com/show_bug.cgi?id=1263657

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update wordpress' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: wordpress
Product: Fedora 23
Version: 4.3.1
Release: 1.fc23
URL: https://wordpress.org/
Summary: Blog tool and publishing platform

Topics%20covered

Topics Covered

security advisory fedora software update cross-site scripting permission issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here