Updated wordpress package fixes security vulnerability
Publication date: 10 Aug 2015Modification date: 10 Aug 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2213 , CVE-2015-5730 , CVE-2015-5731 , CVE-2015-5732 , CVE-2015-5733 , CVE-2015-5734
Description
The wordpress package has been updated to version 3.9.8, fixing three
cross-site scripting issues (CVE-2015-5732, CVE-2015-5733, CVE-2015-5734),
a potential timing side-channel attack in Customizer (CVe-2015-5730), an
issue in Heartbeat where an attacker could lock a post from being edited
(CVE-2015-5731), and an SQL injection issue (CVE-2015-2213), as well
as other bugs. See the upstream announcement and release notes for more
details.
References
- https://bugs.mageia.org/show_bug.cgi?id=16531
- http://codex.wordpress.org/Version_3.9.8
- https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
- http://openwall.com/lists/oss-security/2015/08/04/7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5731
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5733
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734
SRPMS
4/core
- wordpress-3.9.8-1.mga4