
[SECURITY] [DLA 1980-1] wordpress security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wordpress
Version        : 4.1.28+dfsg-0+deb8u1
CVE ID         : CVE-2019-17669 CVE-2019-17670 CVE-2019-17671
                 CVE-2019-17675
Debian Bug     : 942459


Several vulnerabilities in wordpress, a web blogging tool, have been
fixed.

CVE-2019-17669

    Server Side Request Forgery (SSRF) vulnerability because URL
    validation does not consider the interpretation of a name as a
    series of hex characters.

CVE-2019-17670

    A Server Side Request Forgery (SSRF) vulnerability was reported in
    wp_validate_redirect(). The fix normalizes the path when validating
    the location for relative URLs.

CVE-2019-17671

    Unauthenticated viewing of certain content (private or draft posts)
    is possible because the static query property is mishandled.

CVE-2019-17675

    WordPress does not properly consider type confusion during
    validation of the referer in the admin pages. This vulnerability
    affects the check_admin_referer() WordPress function.

For Debian 8 "Jessie", these problems have been fixed in version
4.1.28+dfsg-0+deb8u1.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
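
The hex-name problem described for CVE-2019-17669, as an added Python example that is not WordPress code and not part of the advisory: it assumes the "series of hex characters" means the legacy inet_aton() host notations, and it generalizes to the octal, decimal and short forms of the same family, normalizing them before the internal-range check. All function names and sample hosts are constructed for illustration.

```python
import ipaddress
import re

# One inet_aton()-style component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")

def parse_legacy_ipv4(host):
    """Return the IPv4Address a resolver using inet_aton() rules would see,
    None if host is not numeric (an ordinary DNS name), or raise ValueError
    if it is numeric but out of range."""
    host = host[:-1] if host.endswith(".") else host
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16) if p[:2].lower() == "0x" else
            int(p, 8) if p[0] == "0" else int(p) for p in parts]
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        raise ValueError("numeric host out of range")
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def naive_is_internal(host):
    """Weak check: only recognises canonical dotted-decimal literals."""
    try:
        return not ipaddress.IPv4Address(host).is_global
    except ValueError:
        return False  # hex/octal forms fall through as "just a name"

def check_host(host):
    """'reject' internal or malformed literals, 'allow' public literals,
    'resolve' for DNS names (the resolved addresses still need checking)."""
    try:
        addr = parse_legacy_ipv4(host)
    except ValueError:
        return "reject"
    if addr is None:
        return "resolve"
    return "allow" if addr.is_global else "reject"

# Constructed sample hosts, all spellings of loopback or link-local addresses.
SAMPLES = ["0x7f000001", "0x7f.0.0.1", "0177.1", "2130706433", "0xa9fea9fe"]

if __name__ == "__main__":
    for h in SAMPLES + ["8.8.8.8", "example.org"]:
        print(f"{h:12} naive_internal={naive_is_internal(h)!s:5} -> {check_host(h)}")
```

A host classified as `resolve` is not yet safe: the addresses it resolves to need the same range check at connection time.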

