Security Information / 2016 / Security Information -- DSA-3472-1 wordpress

Debian Security Advisory

DSA-3472-1 wordpress -- security update

Date Reported:

08 Feb 2016

Affected Packages:

wordpress

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 813697.
In Mitre's CVE dictionary: CVE-2016-2221, CVE-2016-2222.

More information:

Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems:

• CVE-2016-2221

  Shailesh Suthar discovered an open redirection vulnerability.

• CVE-2016-2222

  Ronni Skansing discovered a server-side request forgery (SSRF) vulnerability.

For the oldstable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u10.

For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u8.

For the unstable distribution (sid), these problems have been fixed in version 4.4.2+dfsg-1.

We recommend that you upgrade your wordpress packages.