Stay Secure with the Latest Linux Advisories

security advisorysecurity updatecritical

Fedora 21: 2015-15982 Critical: WordPress XSS And Permissions Issues

**WordPress 4.3.1 Security and Maintenance Release** [Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/ WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-15982 2015-09-25 07:40:56.700563 -------------------------------------------------------------------------------- Name : wordpress Product : Fedora 21 Version : 4.3.1 Release : 1.fc21 URL : https://wordpress.org/ Summary : Blog tool and publishing platform Description : Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora -------------------------------------------------------------------------------- Update Information: **WordPress 4.3.1 Security and Maintenance Release** [Upstream announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/ WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. * WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. * A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team. * Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point. WordPress4.3.1 also fixes twenty-six bugs. For more information, see the [release notes](https://wordpress.org/documentation/wordpress-version/version-4-3-1/ or consult the [list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&st op_rev=33647). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1263657 - CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1 https://bugzilla.redhat.com/show_bug.cgi?id=1263657 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update wordpress' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . The recent release of WordPress 4.3.1 has raised alarms regarding certain security vulnerabilities; crucial patches are now available to rectify XSS threats and user permissions on Fedora 21.. WordPress Security Update,Fedora Wordpress Update,XSS Issues,Security Fixes. . Severity: Critical. LinuxSecurity.com Team

Sep 25, 2015 •Critical Fedora