- ------------------------------------------------------------------------Debian Security Advisory DSA-1601-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
July 04, 2008                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : wordpress
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-1599 CVE-2008-0664
Debian Bug     : 437085 464170

Several remote vulnerabilities have been discovered in Wordpress,
the weblog manager. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-1599

    WordPress allows remote attackers to redirect authenticated users
    to other websites and potentially obtain sensitive information.

CVE-2008-0664

    The XML-RPC implementation, when registration is enabled, allows
    remote attackers to edit posts of other blog users.

For the stable distribution (etch), these problems have been fixed in
version 2.0.10-1etch3.

For the unstable distribution (sid), these problems have been fixed in
version 2.3.3-1.

We recommend that you upgrade your wordpress package.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------Source archives:

      Size/MD5 checksum:   520314 e9d5373b3c6413791f864d56b473dd54
      Size/MD5 checksum:      891 d925a63731976b72ad35e4c1805623bf
      Size/MD5 checksum:    46073 486916bd4fc6463181eaba84fdc2db31

Architecture independent packages:

      Size/MD5 checksum:   527158 280ba949f5c38079d2209a468697fb00


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New wordpress packages fix several vulnerabilities

July 4, 2008
WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information.

Summary


WordPress allows remote attackers to redirect authenticated users
to other websites and potentially obtain sensitive information.

CVE-2008-0664

The XML-RPC implementation, when registration is enabled, allows
remote attackers to edit posts of other blog users.

For the stable distribution (etch), these problems have been fixed in
version 2.0.10-1etch3.

For the unstable distribution (sid), these problems have been fixed in
version 2.3.3-1.

We recommend that you upgrade your wordpress package.

Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54
Size/MD5 checksum: 891 d925a63731976b72ad35e4c1805623bf
Size/MD5 checksum: 46073 486916bd4fc6463181eaba84fdc2db31

Architecture independent packages:

Size/MD5 checksum: 527158 280ba949f5c38079d2209a468697fb00


These files will probably be moved into the stable distribution on
its next update.

For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Severity

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved