type: security
subject: Updated wordpress package fixes security vulnerabilities
CVE:
 - CVE-2013-2173
 - CVE-2013-2199
 - CVE-2013-2200
 - CVE-2013-2201
 - CVE-2013-2202
 - CVE-2013-2203
 - CVE-2013-2204
 - CVE-2013-2205
src:
  2:
   core:
     - wordpress-3.5.2-1.mga2
  3:
   core:
     - wordpress-3.5.2-1.mga3
description: |
  A denial of service flaw was found in the way WordPress, a blog tool and
  publishing platform, performed hash computation when checking passwords for
  password-protected blog posts. A remote attacker could provide a
  specially-crafted input that, when processed by the password checking
  mechanism of WordPress, would lead to excessive CPU consumption
  (CVE-2013-2173).

  Inadequate SSRF protection for HTTP requests where the user can provide a
  URL can allow for attacks against the intranet and other sites. This is a
  continuation of work related to CVE-2013-0235, which was specific to SSRF
  in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).

  Inadequate checking of a user's capabilities could allow them to publish
  posts when their user role should not allow for it, and to assign posts to
  other authors (CVE-2013-2200).

  Inadequate escaping allowed an administrator to trigger a cross-site
  scripting vulnerability through the uploading of media files and plugins
  (CVE-2013-2201).

  The processing of an oEmbed response is vulnerable to an XXE
  (CVE-2013-2202).

  If the uploads directory is not writable, error message data returned via
  XHR will include a full path to the directory (CVE-2013-2203).

  Content spoofing in the MoxieCode (TinyMCE) MoxiePlayer project
  (CVE-2013-2204).

  Cross-domain XSS in SWFUpload (CVE-2013-2205).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10596
 - http://codex.wordpress.org/Version_3.5.2
 - http://wordpress.org/news/2013/06/wordpress-3-5-2/
 - https://bugzilla.redhat.com/show_bug.cgi?id=973254
 - https://bugzilla.redhat.com/show_bug.cgi?id=976784