• [SECURITY] [DSA 2901-1] wordpress security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Apr 12 22:40:03 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2901-1                   [email protected]
    http://www.debian.org/security/                      Salvatore Bonaccorso
    April 12, 2014                         http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : wordpress
    CVE ID : CVE-2014-0165 CVE-2014-0166
    Debian Bug : 744018

    Several vulnerabilities were discovered in WordPress, a web blogging
    tool. The Common Vulnerabilities and Exposures project identifies the
    following problems:

    CVE-2014-0165

    A user with a contributor role, using a specially crafted
    request, can publish posts, which is reserved for users of the
    next-higher role.

    CVE-2014-0166

    Jon Cave of the WordPress security team discovered that the
    wp_validate_auth_cookie function in wp-includes/pluggable.php does
    not properly determine the validity of authentication cookies,
    allowing a remote attacker to obtain access via a forged cookie.

    For the oldstable distribution (squeeze), these problems have been fixed
    in version 3.6.1+dfsg-1~deb6u2.

    For the stable distribution (wheezy), these problems have been fixed in
    version 3.6.1+dfsg-1~deb7u2.

    For the testing distribution (jessie), these problems have been fixed in
    version 3.8.2+dfsg-1.

    For the unstable distribution (sid), these problems have been fixed in
    version 3.8.2+dfsg-1.

    We recommend that you upgrade your wordpress packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    -----END PGP SIGNATURE-----

