1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3250-1] wordpress security update

    From Alessandro Ghedini@1:229/2 to All on Mon May 4 21:00:01 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3250-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini
    May 04, 2015 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : wordpress
    CVE ID : CVE-2015-3438 CVE-2015-3439 CVE-2015-3440
    Debian Bug : 783347 783554

    Multiple security issues have been discovered in Wordpress, a weblog
    manager, that could allow remote attackers to upload files with invalid
    or unsafe names, mount social engineering attacks or compromise a site
    via cross-site scripting, and inject SQL commands.

    More information can be found in the upstream advisories at https://wordpress.org/news/2015/04/wordpress-4-1-2/ and https://wordpress.org/news/2015/04/wordpress-4-2-1/

    For the oldstable distribution (wheezy), these problems have been fixed
    in version 3.6.1+dfsg-1~deb7u6.

    For the stable distribution (jessie), these problems have been fixed in
    version 4.1+dfsg-1+deb8u1.

    For the testing distribution (stretch), these problems have been fixed in version 4.2.1+dfsg-1.

    For the unstable distribution (sid), these problems have been fixed in
    version 4.2.1+dfsg-1.

    We recommend that you upgrade your wordpress packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJVR7+OAAoJEK+lG9bN5XPL7YgP/0kHKf4aTa4H/XlOy9L7/Oqz IKaG69pbpzAN0ulrFt/flIWWN//SHzoY8jOfIZnrm4pnsDd6O2qS4TpTGa/911KQ IEBhEuGsNrkSEjQZDW/NHsf1cdhTf3O3yWrtFMnaQSW2ksZnJb0GlgpSY1y/9bGH AQWxhL6moG/ILO3e1j4gdr4bMKNBC1p1RK2+b7PQROQjdWjtdRCUKeDCpK9Qdt3P bO/DaRdO07RjX4h92ozxKIpvsTfTaxlPDwFm2Sn2SSpkLS507QGDHdEkI2hu4Fj3 qT+BjSxPbqt767AlibehtoqF7UPz9zw6J06Wg37YBHTBWit1s6MO8K9y65B5ZO0a pdRGjoaUprnGNvskaGXLPb80lASNQQ0m6aMdmbHgvzfTtPDG0MpNxLvCxpR5rLc+ z6YClWL+GzKHxKfpU0m8iC/0UnxrGsJ6jsYqElbDDoIf5ztrrJov6m5xpoME7vsS 9jaE4F1YWrhluNGTp4pAa/x78FLNOdVaDs/lPQ0f1dmq6EI1GaD9iuUp4XEANo76 SM0vjnzJ2Jo0kakcHiHbt7YX2tQilkrAkIMYAzDew1jtkvofLxW9jbeJ9NDWE5Hb 2d1mIvlRTRBFIMCS+5M83TSiIFeNOe7DjK19KTAYSAiLYf8LXuGWB2Y/eZF2j3Bq RKxnRPe6EBh+NRIvZyaa
    =nORs
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)