Contents of /10596.adv

Revision 130
Mon Jul 1 19:19:03 2013 UTC (3 years, 10 months ago) by boklm
File size: 2010 byte(s)
MGASA-2013-0198
type: security
subject: Updated wordpress package fixes security vulnerabilities
CVE:
  - CVE-2013-2173
  - CVE-2013-2199
  - CVE-2013-2200
  - CVE-2013-2201
  - CVE-2013-2202
  - CVE-2013-2203
  - CVE-2013-2204
  - CVE-2013-2205
src:
  2:
    core:
      - wordpress-3.5.2-1.mga2
  3:
    core:
      - wordpress-3.5.2-1.mga3
description: |
  A denial of service flaw was found in the way Wordpress, a blog tool and
  publishing platform, performed hash computation when checking password for
  password protected blog posts. A remote attacker could provide a specially-
  crafted input that, when processed by the password checking mechanism of
  Wordpress would lead to excessive CPU consumption (CVE-2013-2173).

  Inadequate SSRF protection for HTTP requests where the user can provide a
  URL can allow for attacks against the intranet and other sites. This is a
  continuation of work related to CVE-2013-0235, which was specific to SSRF
  in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).

  Inadequate checking of a user's capabilities could allow them to publish
  posts when their user role should not allow for it; and to assign posts to
  other authors (CVE-2013-2200).

  Inadequate escaping allowed an administrator to trigger a cross-site
  scripting vulnerability through the uploading of media files and plugins
  (CVE-2013-2201).

  The processing of an oEmbed response is vulnerable to an XXE
  (CVE-2013-2202).

  If the uploads directory is not writable, error message data returned via
  XHR will include a full path to the directory (CVE-2013-2203).

  Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project
  (CVE-2013-2204).

  Cross-domain XSS in SWFUpload (CVE-2013-2205).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=10596
  - http://codex.wordpress.org/Version_3.5.2
  - http://wordpress.org/news/2013/06/wordpress-3-5-2/
  - https://bugzilla.redhat.com/show_bug.cgi?id=973254
  - https://bugzilla.redhat.com/show_bug.cgi?id=976784
ID: MGASA-2013-0198
