-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-6494 2012-04-24 03:10:55 --------------------------------------------------------------------------------
Name : wordpress Product : Fedora 17 Version : 3.3.2 Release : 2.fc17 URL : http://www.wordpress.org Summary : Blog tool and publishing platform Description : Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. -------------------------------------------------------------------------------- Update Information: Uploading files related security issues were addressed by the upstream upgrade. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 23 2012 'Matěj Cepl <[email protected]>' - 3.3.2-2 - Security updates for uploading files. * Fixed CVE-2011-0700: two XSS bug. Affects users of the Author or Contributor role. * Fixed CVE-2011-0701: potential information disclosure of posts through the media uploader. -------------------------------------------------------------------------------- References: [ 1 ] Bug #815384 - CVE-2012-2399 wordpress (X < 3.3.2): Unspecified vulnerability in SWFUpload https://bugzilla.redhat.com/show_bug.cgi?id=815384 [ 2 ] Bug #815387 - CVE-2012-2400 wordpress (X < v3.3.2): Unspecified vulnerability in the SWFObject https://bugzilla.redhat.com/show_bug.cgi?id=815387 [ 3 ] Bug #815388 - CVE-2012-2401 wordpress (X < v3.3.2): Plupload - Same origin policy bypass via crafted SWF content https://bugzilla.redhat.com/show_bug.cgi?id=815388 [ 4 ] Bug #815389 - CVE-2012-2402 wordpress (X < v3.3.2): Remote authenticated site administrators able to deactivate network-wide plugins under certain circumstances https://bugzilla.redhat.com/show_bug.cgi?id=815389 [ 5 ] Bug #815391 - CVE-2012-2403 wordpress (X < v3.3.2): XSS when making URLs clickable https://bugzilla.redhat.com/show_bug.cgi?id=815391 [ 6 ] Bug #815392 - CVE-2012-2404 wordpress (X < v3.3.2): XSS in redirects after posting comments, and when filtering URLs https://bugzilla.redhat.com/show_bug.cgi?id=815392 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update wordpress' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
