
[SECURITY] [DLA 1742-1] wordpress security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wordpress
Version        : 4.1.26+dfsg-1+deb8u1
CVE ID         : CVE-2019-8942 CVE-2019-9787
Debian Bug     : 924546


Simon Scannell of Ripstech Technologies discovered multiple
vulnerabilities in wordpress, a web blogging manager:

CVE-2019-8942

    Remote code execution in wordpress, because the _wp_attached_file Post
    Meta entry of an attachment can be changed to an arbitrary string, such
    as one ending with a .jpg?file.php substring. An attacker with author
    privileges can execute arbitrary code by uploading a crafted image
    containing PHP code in the Exif metadata.
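As an added defender-side check, not part of this advisory or of WordPress's own fix, the audit below flags stored _wp_attached_file values of the shape the CVE-2019-8942 description names (a `?` in the path, traversal, or a non-image extension). The row shape, the extension allowlist and the sample values are constructed for the example.

```python
import posixpath
import re

# Extensions an upload path is allowed to end with. This is an assumption
# for the audit; a real site would derive it from its permitted MIME types.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Inner extensions that a web server may hand to the PHP interpreter.
PHP_LIKE = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

# A '?' or '#' never belongs in a stored upload path ('x.jpg?file.php' is
# the pattern from the advisory), and '..' escapes the uploads directory.
FORBIDDEN = re.compile(r"[?#\x00]|(^|/)\.\.(/|$)")


def attached_file_problems(value: str) -> list[str]:
    """Return a list of findings for one _wp_attached_file meta value."""
    problems = []
    if FORBIDDEN.search(value):
        problems.append("forbidden character or path traversal")
    if value.startswith("/") or re.match(r"^[a-zA-Z]+:", value):
        problems.append("absolute path or URL scheme")
    # Inspect every dotted suffix, not only the last one, so that names such
    # as 'avatar.phtml.png' are surfaced as well.
    suffixes = posixpath.basename(value).split(".")[1:]
    if not suffixes or suffixes[-1].lower() not in ALLOWED_EXTENSIONS:
        problems.append("final extension not in allowlist")
    if any(s.lower() in PHP_LIKE for s in suffixes[:-1]):
        problems.append("php-like inner extension")
    return problems


# Constructed sample rows shaped like (post_id, meta_value) from a query such
# as: SELECT post_id, meta_value FROM wp_postmeta WHERE meta_key = '_wp_attached_file'
SAMPLE_ROWS = [
    (101, "2019/03/holiday.jpg"),
    (102, "2019/03/holiday.jpg?file.php"),
    (103, "2019/03/../../wp-config.php"),
    (104, "2019/03/report.pdf"),
    (105, "2019/03/avatar.phtml.png"),
]


def audit(rows):
    """Map post_id -> findings for every row that has at least one finding."""
    return {pid: p for pid, val in rows if (p := attached_file_problems(val))}


if __name__ == "__main__":
    for post_id, findings in audit(SAMPLE_ROWS).items():
        print(post_id, ", ".join(findings))
```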

CVE-2019-9787

    wordpress does not properly filter comment content, leading to
    remote code execution by unauthenticated users in a default
    configuration. This occurs because CSRF protection is mishandled,
    and because Search Engine Optimization of A elements is performed
    incorrectly, leading to XSS. The XSS results in administrative
    access.

For Debian 8 "Jessie", these problems have been fixed in version
4.1.26+dfsg-1+deb8u1.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS