Debian Security Advisory
DSA-1601-1 wordpress -- several vulnerabilities
- Date Reported:
- 04 Jul 2008
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 437085, Bug 464170.
In Mitre's CVE dictionary: CVE-2007-1599, CVE-2008-0664.
- More information:
Several remote vulnerabilities have been discovered in Wordpress, the weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems:
WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information.
The XML-RPC implementation, when registration is enabled, allows remote attackers to edit posts of other blog users.
For the stable distribution (etch), these problems have been fixed in version 2.0.10-1etch3.
For the unstable distribution (sid), these problems have been fixed in version 2.3.3-1.
We recommend that you upgrade your wordpress package.
- Fixed in:
Debian GNU/Linux 4.0 (etch)
- Architecture-independent component:
MD5 checksums of the listed files are available in the original advisory.