lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VMfLp-0001pu-7l@titan.mandriva.com>
Date: Thu, 19 Sep 2013 16:37:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:239 ] wordpress

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:239
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wordpress
 Date    : September 19, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated wordpress and php-phpmailer packages fix security
 vulnerabilities:
 
 wp-includes/functions.php in WordPress before 3.6.1 does not properly
 determine whether data has been serialized, which allows remote
 attackers to execute arbitrary code by triggering erroneous PHP
 unserialize operations (CVE-2013-4338).
 
 WordPress before 3.6.1 does not properly validate URLs before use in
 an HTTP redirect, which allows remote attackers to bypass intended
 redirection restrictions via a crafted string (CVE-2013-4339).
 
 wp-admin/includes/post.php in WordPress before 3.6.1 allows remote
 authenticated users to spoof the authorship of a post by leveraging the
 Author role and providing a modified user_ID parameter (CVE-2013-4340).
 
 The get_allowed_mime_types function in wp-includes/functions.php in
 WordPress before 3.6.1 does not require the unfiltered_html capability
 for uploads of .htm and .html files, which might make it easier for
 remote authenticated users to conduct cross-site scripting (XSS)
 attacks via a crafted file (CVE-2013-5738).
 
 The default configuration of WordPress before 3.6.1 does not prevent
 uploads of .swf and .exe files, which might make it easier for remote
 authenticated users to conduct cross-site scripting (XSS) attacks
 via a crafted file, related to the get_allowed_mime_types function
 in wp-includes/functions.php (CVE-2013-5739).
 
 Additionally, php-phpmailer has been updated to a newer version
 required by the updated wordpress.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5738
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5739
 http://advisories.mageia.org/MGASA-2013-0285.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 20b778e4dce88394ba3fe60f3db38ec6  mbs1/x86_64/php-phpmailer-5.2.7-0.20130917.1.mbs1.noarch.rpm
 9174445e9a2e76973bcbea3909ba8af7  mbs1/x86_64/wordpress-3.6.1-1.mbs1.noarch.rpm 
 afb38d03fc53350c03eba38eaea6561b  mbs1/SRPMS/php-phpmailer-5.2.7-0.20130917.1.mbs1.src.rpm
 ca3d0d9e13aacf26feab9382d20a0560  mbs1/SRPMS/wordpress-3.6.1-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSOuIJmqjQ0CJFipgRAtpJAKDrZ1olC4YbT6b4n87N7Ya/IQmXSQCfWLZ1
6a7UtwzhkUzNWtS0JI13RdU=
=hn89
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ