1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5685-1] wordpress security update

    From Markus Koschany@21:1/5 to All on Thu May 9 00:10:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5685-1 security@debian.org https://www.debian.org/security/ Markus Koschany
    May 08, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : wordpress
    CVE ID : CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999
    CVE-2024-31210
    Debian Bug : 1036296


    Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack.

    Furthermore this update resolves a possible cross-site-scripting vulnerability, a PHP File Upload bypass via the plugin installer and a possible remote code execution vulnerability which requires an attacker to control all the properties of a deserialized object though.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 5.7.11+dfsg1-0+deb11u1.

    For the stable distribution (bookworm), these problems have been fixed in version 6.1.6+dfsg1-0+deb12u1.

    We recommend that you upgrade your wordpress packages.

    For the detailed security status of wordpress please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/wordpress

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmY78XJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRBIBAAlHttuzHU3awlLA5WFHprj6S3PJA2YQSQjt+Ejk+pFGVpHjs4/gaI8S/t 3rb9hEf2ClK6NdNxqAHSNzOuYLAG3S1rfATtQGfxEpYTBrngXKSUgFltElhRBACe GOLxtfh7Yha94hbf/HBiFEpKEmFXLnmGuSv1M0z77SEcNEdQ0sd5Be5VDwKcxnY6 FYrrvoFjYUiDj66B19/B8ytUlRb7Mgr8KakqOiO6jzINL/mtJ52pcd63+JrkBF0L 8br30YKxII9Rb10ygBhl5AzjhC/yrQexVtYyK0l1avm7/JC08kxDch++ANRekCJA kTx0ARi2AZJv1ktzm1DIfxNLrLtiCTJjSFFi6/WTCW3UAFNiVbEQOYal95lKBLXG V6AJhYYYPI3rbwnUJX5FZn4PEKoHTXotuveqdGHF2727ROUrConLZrrBa/hovj7v GPIe4SZZHLizK2CO84Gxgy7mI4F46I2C6TlIMvsJKyL1XUopti+Ds8f7e5AIgzB9 rSkYPTBfLsm5fIeVpodja1qJMQdo9NklnamaPnbjL8BTmExedf638WYJfMLBqgXY Kl9M6uSwfBpl2dfvKqg2iUos359X65Nt+Cd3Ve5zsSigDssvsQ7YTV/TJHMavq6z f294k2zHfMaCiathCpOayN8KFX7WHeBEL8N8j/bukYgFaHD8y5o=
    =qCem
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)