Fedora 25: wordpress Security Update
Summary
WordPress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
**WordPress 4.7.5** is now available. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately. WordPress versions 4.7.4 and earlier are affected by six security
issues:

* Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
* Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
* Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
* A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
* A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
* A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

Thank you to the reporters of these issues for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance
fixes to the 4.7 release series. For more information, see the
[release notes](https://wordpress.org/documentation/wordpress-version/version-4-7-5/)
or consult the [list of changes](https://core.trac.wordpress.org/query?status=closed&milestone=4.7.5&group=component&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priority&col=keywords&order=priority).
To install this update, run su -c 'dnf upgrade wordpress' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
FEDORA-2017-d968f5a95f
2017-05-25 19:36:40.050954
Product : Fedora 25
Version : 4.7.5
Release : 1.fc25
URL : https://wordpress.org/
Summary : Blog tool and publishing platform