Fedora 31: wordpress FEDORA-2019-f21ad78845

    Date: 26 Oct 2019
    Category: Fedora
    Posted By: LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-f21ad78845
    2019-10-26 17:17:38.272504
    --------------------------------------------------------------------------------
    
    Name        : wordpress
    Product     : Fedora 31
    Version     : 5.2.4
    Release     : 1.fc31
    URL         : http://www.wordpress.org
    Summary     : Blog tool and publishing platform
    Description :
    Wordpress is an online publishing / weblog package that makes it very easy,
    almost trivial, to get information out to people on the web.
    
    Important information in /usr/share/doc/wordpress/README.fedora
    
    --------------------------------------------------------------------------------
    Update Information:
    
    **WordPress 5.2.4 Security Release**

    WordPress versions 5.2.3 and earlier are affected by these bugs, which are
    fixed in version 5.2.4.

    **Security Updates**

    * Props to Evan Ricafort for finding an issue where stored XSS (cross-site
      scripting) could be added via the Customizer.
    * Props to J.D. Grimes who found and disclosed a method of viewing
      unauthenticated posts.
    * Props to Weston Ruter for finding a way to create a stored XSS to inject
      JavaScript into style tags.
    * Props to David Newman for highlighting a method to poison the cache of
      JSON GET requests via the Vary: Origin header.
    * Props to Eugene Kolodenker who found a server-side request forgery in the
      way that URLs are validated.
    * Props to Ben Bidner of the WordPress Security Team who discovered issues
      related to referrer validation in the admin.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue Oct 15 2019 Remi Collet  - 5.2.4-1
    - WordPress 5.2.4 Security Release
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-f21ad78845' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines