
[SECURITY] [DLA 418-1] wordpress security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wordpress
Version        : 3.6.1+dfsg-1~deb6u9
CVE ID         : CVE-2016-2221 CVE-2016-2222
Debian Bug     : 813697

WordPress versions 4.4.1 and earlier are affected by two security
issues: a possible Server-Side Request Forgery (SSRF) vulnerability
for certain local URIs, reported by Ronni Skansing; and an open
redirection attack, reported by Shailesh Suthar.

CVE-2016-2221
   WordPress could be vulnerable to an open redirection attack,
   which was fixed by better validation of the URL used in HTTP
   redirects.

CVE-2016-2222
   It was discovered that WordPress was susceptible to a possible
   Server-Side Request Forgery vulnerability because it considered,
   for instance, 0.1.2.3 to be a valid IP.


For Debian 6 "Squeeze", these problems have been fixed in version
3.6.1+dfsg-1~deb6u9.

We recommend that you upgrade your wordpress packages.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
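
The CVE-2016-2222 issue described above, as an added example (not WordPress or Debian code): a destination check whose blocklist omits 0.0.0.0/8 accepts 0.1.2.3, while a list that includes it refuses the request. The function names, both blocklists and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# "Before" list (constructed): loopback and RFC 1918 only, so 0.1.2.3 slips through.
NAIVE_BLOCKED = _nets("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# "After" list (constructed): also reject 0.0.0.0/8 ("this network", RFC 1122),
# link-local, carrier-grade NAT, multicast and reserved space.
HARDENED_BLOCKED = NAIVE_BLOCKED + _nets(
    "0.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10", "224.0.0.0/4", "240.0.0.0/4")

def destination_allowed(url, blocked):
    """Return True if url is http(s) and its IPv4-literal host is outside `blocked`."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addr = ipaddress.IPv4Address(parts.hostname)
    except ValueError:
        # Fail closed: hostnames, IPv6 and non-canonical forms (hex octets,
        # bare integers) are refused in this sketch. A real fetcher resolves
        # names first and applies the same check to every resolved address.
        return False
    return not any(addr in net for net in blocked)

def audit(urls):
    """Map each URL to (naive_verdict, hardened_verdict)."""
    return {u: (destination_allowed(u, NAIVE_BLOCKED),
                destination_allowed(u, HARDENED_BLOCKED)) for u in urls}

# Constructed sample destinations (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for ordinary public hosts).
SAMPLES = [
    "http://0.1.2.3/",
    "http://127.0.0.1/",
    "https://203.0.113.10/feed",
    "http://0x7f.0.0.1/",
    "ftp://198.51.100.7/",
]

if __name__ == "__main__":
    for url, (naive, hardened) in audit(SAMPLES).items():
        print(f"{url:28} naive={naive!s:5} hardened={hardened}")
```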

