Debian Security Advisory 3328-1

Debian Security Advisory 3328-1: Posted Aug 4, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3328-1 - Several vulnerabilities have been found in Wordpress, the popular blogging engine.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2015-3429, CVE-2015-5622, CVE-2015-5623; SHA-256 | 0fe2f36ccb4402230be9fa8cb3b4150d88175339d405b8222f84ef0ee4fb8c0c; Download | Favorite | View

Debian Security Advisory 3328-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3328-1                   security@debian.org
https://www.debian.org/security/                          Thijs Kinkhorst
August 04, 2015                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2015-3429 CVE-2015-5622 CVE-2015-5623
Debian Bug     : 784603

Several vulnerabilities have been found in Wordpress, the popular
blogging engine.

CVE-2015-3429

    The file example.html in the Genericicons icon font package and
    twentyfifteen Wordpress theme allowed for cross site scripting.

CVE-2015-5622

    The robustness of the shortcodes HTML tags filter has been
    improved. The parsing is a bit more strict, which may affect
    your installation.

CVE-2015-5623

    A cross site scripting vulnerability allowed users with the
    Contributor or Author role to elevate their privileges.

The oldstable distribution (wheezy) is only affected by CVE-2015-5622.
This less critical issue will be fixed at a later time.

For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 4.2.3+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJVwGDMAAoJEFb2GnlAHawEFsIH/RvaJbgXs3PFAKgpaPBk53+V
nBM/AZ3ismh8cwzrtdJFkrPu8UlpvODKS6I7fIiYYSc8/+zCg4iM9SoSr/HJuJ9Y
4bSEnQQq3k6JHxMt9CnZWi/lGvsrubEUuT9gVk8UjIm8dVNeqceuAzmpZSeD8IjB
GutG3zmt9JMZssX/2DRChEUymQwluBIEJEIbi4+7FLuaV7KB2epDR9vPTq+X4ieR
EiFOGpMjz3Gy1xRnh1f6kO59bnN3/655K4QIIf13DEQQ8peARkEu7j98Yoswfstl
BV0RbT3gDvxQSfxitNpIRtbLFOtl8D0c6zxQjyCLPYiSJ1wzQwyj0lMTC+tByzA=
=ELh1
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3328-1

Debian Security Advisory 3328-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3328-1

Share This

Debian Security Advisory 3328-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems