Debian Security Advisory
DSA-1601-1 wordpress -- several vulnerabilities
- Date Reported:
- 04 Jul 2008
- Affected Packages:
- wordpress
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 437085, Bug 464170.
In Mitre's CVE dictionary: CVE-2007-1599, CVE-2008-0664. - More information:
-
Several remote vulnerabilities have been discovered in Wordpress, the weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2007-1599
WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information.
- CVE-2008-0664
The XML-RPC implementation, when registration is enabled, allows remote attackers to edit posts of other blog users.
For the stable distribution (etch), these problems have been fixed in version 2.0.10-1etch3.
For the unstable distribution (sid), these problems have been fixed in version 2.3.3-1.
We recommend that you upgrade your wordpress package.
- CVE-2007-1599
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
- http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3.dsc
- http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3.diff.gz
- http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3_all.deb
MD5 checksums of the listed files are available in the original advisory.