[SECURITY] [DLA 1452-1] wordpress security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1452-1] wordpress security update
From: Markus Koschany <apo@debian.org>
Date: Mon, 30 Jul 2018 08:19:27 +0800
Message-id: <[🔎] 32e7a8f4-c5a4-5a33-b6cb-915c7521b7f0@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wordpress
Version        : 4.1+dfsg-1+deb8u18
CVE ID         : CVE-2016-5836 CVE-2018-12895
Debian Bug     : 902876

Two vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following issues.

CVE-2016-5836

    The oEmbed protocol implementation in WordPress before 4.5.3 allows
    remote attackers to cause a denial of service via unspecified
    vectors.

CVE-2018-12895

    A vulnerability was discovered in Wordpress, a web blogging tool. It
    allowed remote attackers with specific roles to execute arbitrary
    code.

For Debian 8 "Jessie", these problems have been fixed in version
4.1+dfsg-1+deb8u18.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlteWY9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRx+xAApfD3DDHlrNcunY1A8HWrPW+NmCU48Qu00o/zAH+Qzi+UL5ErDSEP+buX
GPTghkJN70WuGRUGNQlJ2ruJKJ2YR4xyfCfI8Q03rgP0gOZS33aAx3xKYMeL4vGc
A1WnxFUw4FBYzJjmGptE3TMKjIyWlOjstzhk59DISFzVbJI5ulBrPoaAJJEAPFmj
+rTRTo1T3bFxWxbyL57TL6ktvqEuU2bMZcLBwOsbVlNVPvBnvBk0BAEa0jjTlD05
RE6lEOB3E4XH8L6fSCGQ4YiRHeuu1gKUX1Jx3Xknl+edrS477mjNOo5A7Md0hx6l
1vvfL8vNNX1c2gQUNyLzX1FxFbRsxkkAQDOjv//vw/oiIpTyIHhSn3M9M+4Q81MM
oyl8gL6Tmhtnx0mwwyW1HC1DOnNKt1P2htC0X60EMJSFmySlILS5zuLmvVIxM55D
JvnyHC73r3xSkos4kF1bOXxs65Gg3GotHKNX2yb1T/1F1LrCtQvMJwEIFM+0ZK5L
hzi+JSny+rlZh2CHoxXvyeka/zkpC9WE2QlXui7eTvBTV6XKPNt/quJK7wGH6ple
SegmqoZaRHGF1cF35owHzJPfpYNWPKoHWSMjmZvClNNDiKVZylYM0VIk/eZGIkYT
VBgKag7MFlDCQK1FXTvseNhfGZCzh03d41M75y9XXB5r0Ve9gLY=
=cVfl
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1451-1] wireshark security update
Next by Date: [SECURITY] [DLA 1453-1] tomcat7 security update
Previous by thread: [SECURITY] [DLA 1451-1] wireshark security update
Next by thread: [SECURITY] [DLA 1453-1] tomcat7 security update
Index(es):
- Date
- Thread