LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Shumway lands in Firefox

LWN.net Weekly Edition for October 3, 2013

Integrity and embedded devices

NUMA scheduling progress

LWN.net Weekly Edition for September 26, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2013-0198 (wordpress)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0198: Updated wordpress package fixes
 security vulnerabilities 


Date:
    	      Mon, 1 Jul 2013 21:19:25 +0200


Message-ID:
    	      <20130701191925.3E4D14277B@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2013-0198 - Updated wordpress package fixes security vulnerabilities

Publication date: 01 Jul 2013
URL: http://advisories.mageia.org/MGASA-2013-0198.html
Type: security
Affected Mageia releases: 2, 3
CVE: CVE-2013-2173,
     CVE-2013-2199,
     CVE-2013-2200,
     CVE-2013-2201,
     CVE-2013-2202,
     CVE-2013-2203,
     CVE-2013-2204,
     CVE-2013-2205

Description:
A denial of service flaw was found in the way Wordpress, a blog tool and
publishing platform, performed hash computation when checking password for
password protected blog posts. A remote attacker could provide a specially-
crafted input that, when processed by the password checking mechanism of
Wordpress would lead to excessive CPU consumption (CVE-2013-2173).

Inadequate SSRF protection for HTTP requests where the user can provide a
URL can allow for attacks against the intranet and other sites. This is a
continuation of work related to CVE-2013-0235, which was specific to SSRF
in pingback requests and was fixed in 3.5.1 (CVE-2013-2199).

Inadequate checking of a user's capabilities could allow them to publish
posts when their user role should not allow for it; and to assign posts to
other authors (CVE-2013-2200).

Inadequate escaping allowed an administrator to trigger a cross-site
scripting vulnerability through the uploading of media files and plugins
(CVE-2013-2201).

The processing of an oEmbed response is vulnerable to an XXE
(CVE-2013-2202).

If the uploads directory is not writable, error message data returned via
XHR will include a full path to the directory (CVE-2013-2203).

Content Spoofing in the MoxieCode (TinyMCE) MoxiePlayer project
(CVE-2013-2204).

Cross-domain XSS in SWFUpload (CVE-2013-2205).

References:
- https://bugs.mageia.org/show_bug.cgi?id=10596
- http://codex.wordpress.org/Version_3.5.2
- http://wordpress.org/news/2013/06/wordpress-3-5-2/
- https://bugzilla.redhat.com/show_bug.cgi?id=973254
- https://bugzilla.redhat.com/show_bug.cgi?id=976784
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2199
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2200
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2204
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2205

SRPMS:
- 3/core/wordpress-3.5.2-1.mga3
- 2/core/wordpress-3.5.2-1.mga2
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds