Advisories ยป MGASA-2013-0285

Updated wordpress and php-phpmailer packages fix security vulnerabilities

Publication date: 19 Sep 2013
Modification date: 19 Sep 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4338 , CVE-2013-4339 , CVE-2013-4340 , CVE-2013-5738 , CVE-2013-5739

Description

wp-includes/functions.php in WordPress before 3.6.1 does not properly
determine whether data has been serialized, which allows remote
attackers to execute arbitrary code by triggering erroneous PHP
unserialize operations (CVE-2013-4338).

WordPress before 3.6.1 does not properly validate URLs before use in
an HTTP redirect, which allows remote attackers to bypass intended
redirection restrictions via a crafted string (CVE-2013-4339).

wp-admin/includes/post.php in WordPress before 3.6.1 allows remote
authenticated users to spoof the authorship of a post by leveraging
the Author role and providing a modified user_ID parameter
(CVE-2013-4340).

The get_allowed_mime_types function in wp-includes/functions.php in
WordPress before 3.6.1 does not require the unfiltered_html capability
for uploads of .htm and .html files, which might make it easier for
remote authenticated users to conduct cross-site scripting (XSS)
attacks via a crafted file (CVE-2013-5738).

The default configuration of WordPress before 3.6.1 does not prevent
uploads of .swf and .exe files, which might make it easier for remote
authenticated users to conduct cross-site scripting (XSS) attacks via
a crafted file, related to the get_allowed_mime_types function in
wp-includes/functions.php (CVE-2013-5739).

Additionally, php-phpmailer has been updated to a newer version required
by the updated wordpress.

References

SRPMS

2/core

3/core