Debian Security Advisory

DSA-1601-1 wordpress -- several vulnerabilities

Date Reported:
04 Jul 2008
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 437085, Bug 464170.
In Mitre's CVE dictionary: CVE-2007-1599, CVE-2008-0664.
More information:

Several remote vulnerabilities have been discovered in Wordpress, the weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1599

    WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information.

  • CVE-2008-0664

    The XML-RPC implementation, when registration is enabled, allows remote attackers to edit posts of other blog users.

For the stable distribution (etch), these problems have been fixed in version 2.0.10-1etch3.

For the unstable distribution (sid), these problems have been fixed in version 2.3.3-1.

We recommend that you upgrade your wordpress package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.