Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5685-1] wordpress security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5685-1] wordpress security update


Chronologisch Thread  
  • From: Markus Koschany <apo AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5685-1] wordpress security update
  • Date: Wed, 8 May 2024 21:49:13 +0000
  • List-archive: https://lists.debian.org/msgid-search/ZjvzWe2CCOfhpEkK AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=C0n34YEiC6psR6C5IxKQ8zXMHF9k5D77OyaKrMzzqns=; b=qd eueYhFqRVYTO1OySQ5A2jkXiGgavPRR5TqASH8FvxqM3JfrB47rQZKlCvlfRHll75m+/2dCxvy1TA /88Drr+8RLy10FCgkYvJasuhnMYFTRpz+sYntHAPzt01a7/Cn0Rakwm69Zq6mGUScT11d96/JIfAN kcQG0XQQjDpYkWaCbn34SdlPCwGlJK58uhE725/7vLydpj028HSoFA8SX1n+zhsVKOJTPFMm62UIH GU3OsoN+H0NrmeIrXJC83+bG88y4F6uemrsKjeKYTFkc3bYG1Q6gBMFWMAJm3ORCaG7ghm9BCuel0 arK7Ee7Ep3mW3ZC0ta36r2zsthtz7hYA==;
  • Old-return-path: <apo AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 8 May 2024 22:06:13 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <4FGHTAx6jCM.A.MxB.Vd_OmB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5685-1 security AT debian.org
https://www.debian.org/security/ Markus Koschany
May 08, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999
CVE-2024-31210
Debian Bug : 1036296


Several security vulnerabilities have been discovered in Wordpress, a popular
content management framework, which may lead to exposure of sensitive
information to an unauthorized actor in WordPress or allowing unauthenticated
attackers to discern the email addresses of users who have published public
posts on an affected website via an Oracle style attack.

Furthermore this update resolves a possible cross-site-scripting
vulnerability,
a PHP File Upload bypass via the plugin installer and a possible remote code
execution vulnerability which requires an attacker to control all the
properties of a deserialized object though.

For the oldstable distribution (bullseye), these problems have been fixed
in version 5.7.11+dfsg1-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 6.1.6+dfsg1-0+deb12u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmY78XJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRBIBAAlHttuzHU3awlLA5WFHprj6S3PJA2YQSQjt+Ejk+pFGVpHjs4/gaI8S/t
3rb9hEf2ClK6NdNxqAHSNzOuYLAG3S1rfATtQGfxEpYTBrngXKSUgFltElhRBACe
GOLxtfh7Yha94hbf/HBiFEpKEmFXLnmGuSv1M0z77SEcNEdQ0sd5Be5VDwKcxnY6
FYrrvoFjYUiDj66B19/B8ytUlRb7Mgr8KakqOiO6jzINL/mtJ52pcd63+JrkBF0L
8br30YKxII9Rb10ygBhl5AzjhC/yrQexVtYyK0l1avm7/JC08kxDch++ANRekCJA
kTx0ARi2AZJv1ktzm1DIfxNLrLtiCTJjSFFi6/WTCW3UAFNiVbEQOYal95lKBLXG
V6AJhYYYPI3rbwnUJX5FZn4PEKoHTXotuveqdGHF2727ROUrConLZrrBa/hovj7v
GPIe4SZZHLizK2CO84Gxgy7mI4F46I2C6TlIMvsJKyL1XUopti+Ds8f7e5AIgzB9
rSkYPTBfLsm5fIeVpodja1qJMQdo9NklnamaPnbjL8BTmExedf638WYJfMLBqgXY
Kl9M6uSwfBpl2dfvKqg2iUos359X65Nt+Cd3Ve5zsSigDssvsQ7YTV/TJHMavq6z
f294k2zHfMaCiathCpOayN8KFX7WHeBEL8N8j/bukYgFaHD8y5o=
=qCem
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 5685-1] wordpress security update, Markus Koschany, 08.05.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang