--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2017-d968f5a95f
2017-05-25 19:36:40.050954
--------------------------------------------------------------------------------Name        : wordpress
Product     : Fedora 25
Version     : 4.7.5
Release     : 1.fc25
URL         : https://wordpress.org/
Summary     : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

--------------------------------------------------------------------------------Update Information:

**WordPress 4.7.5** is now available. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately.  WordPress versions 4.7.4 and earlier are affected by six security
issues:  *    Insufficient redirect validation in the HTTP class. Reported by
Ronni Skansing. *    Improper handling of post meta data values in the XML-RPC
API. Reported by Sam Thomas. *    Lack of capability checks for post meta data
in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. *
A Cross Site Request Forgery (CRSF)  vulnerability was discovered in the
filesystem credentials dialog. Reported by Yorick Koster. *    A cross-site
scripting (XSS) vulnerability was discovered when attempting to upload very
large files. Reported by Ronni Skansing. *    A cross-site scripting (XSS)
vulnerability was discovered related to the Customizer. Reported by Weston Ruter
of the WordPress Security Team.  Thank you to the reporters of these issues for
practicing responsible disclosure.  In addition to the security issues above,
WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more
information, see the [release notes](https://wordpress.org/documentation/wordpress-version/version-4-7-5/
or consult the [list of changes](https://core.trac.wordpress.org/query?status=cl
osed&milestone=4.7.5&group=component&col=id&col=summary&col=component&col=status
&col=owner&col=type&col=priority&col=keywordsℴ=priority).
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade wordpress' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 25: wordpress Security Update

May 26, 2017
**WordPress 4.7.5** is now available

Summary

Wordpress is an online publishing / weblog package that makes it very easy,

almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

**WordPress 4.7.5** is now available. This is a security release for all

previous versions and we strongly encourage you to update your sites

immediately. WordPress versions 4.7.4 and earlier are affected by six security

issues: * Insufficient redirect validation in the HTTP class. Reported by

Ronni Skansing. * Improper handling of post meta data values in the XML-RPC

API. Reported by Sam Thomas. * Lack of capability checks for post meta data

in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. *

A Cross Site Request Forgery (CRSF) vulnerability was discovered in the

filesystem credentials dialog. Reported by Yorick Koster. * A cross-site

scripting (XSS) vulnerability was discovered when attempting to upload very

large files. Reported by Ronni Skansing. * A cross-site scripting (XSS)

vulnerability was discovered related to the Customizer. Reported by Weston Ruter

of the WordPress Security Team. Thank you to the reporters of these issues for

practicing responsible disclosure. In addition to the security issues above,

WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more

information, see the [release notes](https://wordpress.org/documentation/wordpress-version/version-4-7-5/

or consult the [list of changes](https://core.trac.wordpress.org/query?status=cl

osed&milestone=4.7.5&group=component&col=id&col=summary&col=component&col=status

&col=owner&col=type&col=priority&col=keywordsℴ=priority).

su -c 'dnf upgrade wordpress' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

FEDORA-2017-d968f5a95f 2017-05-25 19:36:40.050954 Product : Fedora 25 Version : 4.7.5 Release : 1.fc25 URL : https://wordpress.org/ Summary : Blog tool and publishing platform Description : Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora **WordPress 4.7.5** is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: * Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. * Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas. * Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. * A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster. * A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing. * A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team. Thank you to the reporters of these issues for practicing responsible disclosure. In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the [release notes](https://wordpress.org/documentation/wordpress-version/version-4-7-5/ or consult the [list of changes](https://core.trac.wordpress.org/query?status=cl osed&milestone=4.7.5&group=component&col=id&col=summary&col=component&col=status &col=owner&col=type&col=priority&col=keywordsℴ=priority). su -c 'dnf upgrade wordpress' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 25
Version : 4.7.5
Release : 1.fc25
URL : https://wordpress.org/
Summary : Blog tool and publishing platform

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved