Debian Security Advisory
DLA-418-1 wordpress -- LTS security update
- Date Reported: 17 Feb 2016
- Affected Packages:
- Security database references:
  In the Debian bugtracking system: Bug 813697.
  In Mitre's CVE dictionary: CVE-2016-2221, CVE-2016-2222.
- More information:
WordPress versions 4.4.1 and earlier are affected by two security issues: a possible Server-Side Request Forgery (SSRF) vulnerability for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
WordPress could be vulnerable to an open redirection attack, which was fixed by better validation of the URL used in HTTP redirects.
It was discovered that WordPress was susceptible to a possible Server-Side Request Forgery vulnerability because it considered, for instance, 0.1.2.3 to be a valid IP.
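The 0.1.2.3 case above, as an added example (not WordPress or Debian code, and written in Python rather than WordPress's PHP): an octet check that forgets 0.0.0.0/8, beside a destination check built on explicit network ranges. The function names, the `resolve` hook and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges a server-side fetcher should not reach. 0.0.0.0/8 ("this network",
# RFC 1122) is the range the advisory's example address 0.1.2.3 falls in.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def naive_is_external(host):
    """Incomplete octet check: loopback and RFC 1918 only, no 0.0.0.0/8."""
    a, b = (int(x) for x in host.split(".")[:2])
    return not (a in (10, 127) or (a == 172 and 16 <= b <= 31)
                or (a == 192 and b == 168))


def is_external(addr):
    """True only if addr is an IP literal outside every blocked range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not a strict IP literal: refuse rather than guess
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped address cannot bypass the list.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not any(ip.version == net.version and ip in net for net in BLOCKED)


def url_allowed(url, resolve):
    """Validate the scheme, then every address the host resolves to.

    `resolve` is a caller-supplied function hostname -> list of IP strings
    (hypothetical hook; in production it would wrap DNS resolution).
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        addrs = [host]           # IP literal: check it directly
    except ValueError:
        addrs = resolve(host)    # name: check what it points at
    return bool(addrs) and all(is_external(a) for a in addrs)
```

The address that passed validation should also be the one the HTTP client connects to; a second DNS lookup at request time can return a different answer.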
For Debian 6 Squeeze, these problems have been fixed in version 3.6.1+dfsg-1~deb6u9.
We recommend that you upgrade your wordpress packages.