advisories/10596.adv

type: security
subject: Updated wordpress package fixes security vulnerabilities
CVE:
 - CVE-2013-2173
 - CVE-2013-2199
 - CVE-2013-2200
 - CVE-2013-2201
 - CVE-2013-2202
 - CVE-2013-2203
 - CVE-2013-2204
 - CVE-2013-2205
src:
  2:
   core:
     - wordpress-3.5.2-1.mga2
  3:
   core:
     - wordpress-3.5.2-1.mga3
description: |
  A denial of service flaw was found in the way Wordpress, a blog tool and
  publishing platform, performed hash computation when checking password for
  password protected blog posts. A remote attacker could provide a specially-
  crafted input that, when processed by the password checking mechanism of
  Wordpress would lead to excessive CPU consumption (CVE-2013-2173).
  
  Inadequate SSRF protection for HTTP requests where the user can provide a
  URL can allow for attacks against the intranet and other sites. This is a
  continuation of work related to CVE-2013-0235, which was specific to SSRF
  in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).
  
  Inadequate checking of a user's capabilities could allow them to publish
  posts when their user role should not allow for it; and to assign posts to
  other authors (CVE-2013-2200).
  
  Inadequate escaping allowed an administrator to trigger a cross-site
  scripting vulnerability through the uploading of media files and plugins
  (CVE-2013-2201).
  
  The processing of an oEmbed response is vulnerable to an XXE
  (CVE-2013-2202).
  
  If the uploads directory is not writable, error message data returned via
  XHR will include a full path to the directory (CVE-2013-2203).
  
  Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project
  (CVE-2013-2204).
  
  Cross-domain XSS in SWFUpload (CVE-2013-2205).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10596
 - http://codex.wordpress.org/Version_3.5.2
 - http://wordpress.org/news/2013/06/wordpress-3-5-2/
 - https://bugzilla.redhat.com/show_bug.cgi?id=973254
 - https://bugzilla.redhat.com/show_bug.cgi?id=976784
ID: MGASA-2013-0198
1	type: security
2	subject: Updated wordpress package fixes security vulnerabilities
3	CVE:
4	- CVE-2013-2173
5	- CVE-2013-2199
6	- CVE-2013-2200
7	- CVE-2013-2201
8	- CVE-2013-2202
9	- CVE-2013-2203
10	- CVE-2013-2204
11	- CVE-2013-2205
12	src:
13	2:
14	core:
15	- wordpress-3.5.2-1.mga2
16	3:
17	core:
18	- wordpress-3.5.2-1.mga3
19	description: \|
20	A denial of service flaw was found in the way Wordpress, a blog tool and
21	publishing platform, performed hash computation when checking password for
22	password protected blog posts. A remote attacker could provide a specially-
23	crafted input that, when processed by the password checking mechanism of
24	Wordpress would lead to excessive CPU consumption (CVE-2013-2173).
25
26	Inadequate SSRF protection for HTTP requests where the user can provide a
27	URL can allow for attacks against the intranet and other sites. This is a
28	continuation of work related to CVE-2013-0235, which was specific to SSRF
29	in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).
30
31	Inadequate checking of a user's capabilities could allow them to publish
32	posts when their user role should not allow for it; and to assign posts to
33	other authors (CVE-2013-2200).
34
35	Inadequate escaping allowed an administrator to trigger a cross-site
36	scripting vulnerability through the uploading of media files and plugins
37	(CVE-2013-2201).
38
39	The processing of an oEmbed response is vulnerable to an XXE
40	(CVE-2013-2202).
41
42	If the uploads directory is not writable, error message data returned via
43	XHR will include a full path to the directory (CVE-2013-2203).
44
45	Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project
46	(CVE-2013-2204).
47
48	Cross-domain XSS in SWFUpload (CVE-2013-2205).
49	references:
50	- https://bugs.mageia.org/show_bug.cgi?id=10596
51	- http://codex.wordpress.org/Version_3.5.2
52	- http://wordpress.org/news/2013/06/wordpress-3-5-2/
53	- https://bugzilla.redhat.com/show_bug.cgi?id=973254
54	- https://bugzilla.redhat.com/show_bug.cgi?id=976784
55	ID: MGASA-2013-0198