Format: 1.8
Date: Wed, 17 May 2017 14:03:33 -0400
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen
Architecture: source
Version: 4.4.10+dfsg-0ubuntu0.16.04.1
Distribution: xenial-security
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Jeremy Bicha
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentyfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 813697 828225 837090 851310 852767 857026
Launchpad-Bugs-Fixed: 1691520
Changes:
 wordpress (4.4.10+dfsg-0ubuntu0.16.04.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: New upstream releases fix numerous security issues
     (LP: #1691520)
   * 4.4.10 fixes 6 security issues. CVE numbers are pending. Closes: #851310
     - CVE-2017-XXX Insufficient redirect validation in the HTTP class.
     - CVE-2017-XXX Improper handling of post meta data values in the XML-RPC API.
     - CVE-2017-XXX Lack of capability checks for post meta data in the XML-RPC API.
     - CVE-2017-XXX A Cross Site Request Forgery (CSRF) vulnerability was discovered
       in the filesystem credentials dialog.
     - CVE-2017-XXX A cross-site scripting (XSS) vulnerability was discovered when
       attempting to upload very large files.
     - CVE-2017-XXX A cross-site scripting (XSS) vulnerability was discovered related
       to the Customizer.
   * 4.4.8 fixes 6 security issues. Closes: #857026
     - CVE-2017-6814 Cross-site scripting (XSS) via media file metadata.
     - CVE-2017-6815 Control characters can trick redirect URL validation.
     - CVE-2017-6816 Unintended files can be deleted by administrators using the
       plugin deletion functionality.
     - CVE-2017-6817 Cross-site scripting (XSS) via video URL in YouTube embeds.
     - CVE-2017-6818 Cross-site scripting (XSS) via taxonomy term names.
     - CVE-2017-6819 Cross-site request forgery (CSRF) in Press This leading to
       excessive use of server resources.
   * 4.4.7 fixes 3 security issues. Closes: #852767
     - CVE-2017-5610 The user interface for assigning taxonomy terms in Press This
       is shown to users who do not have permissions to use it.
     - CVE-2017-5611 WP_Query is vulnerable to a SQL injection (SQLi)
     - CVE-2017-5612 XSS in the posts list table
   * 4.4.6 fixes 8 security issues. Closes: #851310
     - CVE-2017-5493 Cryptographically Weak Pseudo-Random Number Generator
     - CVE-2017-5492 Accessibility Mode Cross-Site Request Forgery (CSRF)
     - CVE-2017-5491 Post via Email Checks mail.example.com by Default
     - CVE-2017-5490 Stored Cross-Site Scripting (XSS) via Theme Name fallback
     - CVE-2017-5489 Cross-Site Request Forgery (CSRF) via Flash Upload
     - CVE-2017-5488 Authenticated Cross-Site scripting (XSS) in update-core.php
     - CVE-2017-5487 User Information Disclosure via REST API
     - CVE-2016-10066 Potential Remote Command Execution (RCE) in PHPMailer
   * 4.4.5 fixes multiple security issues. Closes: #837090
     - Directory traversal vulnerability in the wp_ajax_update_plugin function in
       wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote
       authenticated users to cause a denial of service or read certain text files
       via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as
       demonstrated by /dev/random read operations that deplete the entropy pool.
       CVE-2016-6896
     - Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin
       function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows
       remote attackers to hijack the authentication of subscribers for /dev/random
       read operations by leveraging a late call to the check_ajax_referer function.
       CVE-2016-6897
     - Changeset 38538 sanitize filename in media CVE-2016-7168
     - Changeset 38524 sanitize filename upload upgrader CVE-2016-7169
     - WordPress before 4.5 does not consider octal and hexadecimal IP address
       formats when determining an intranet address, which allows remote attackers
       to bypass an intended SSRF protection mechanism via a crafted address.
       CVE-2016-4029
     - Cross-site scripting (XSS) vulnerability in the network settings page in
       WordPress before 4.5 allows remote attackers to inject arbitrary web script
       or HTML via unspecified vectors. CVE-2016-6634
     - Cross-site request forgery (CSRF) vulnerability in the
       wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in
       WordPress before 4.5 allows remote attackers to hijack the authentication of
       administrators for requests that change the script compression option.
       CVE-2016-6635
   * 4.4.4 fixes multiple security issues. Closes: #828225
     - Fixes CVE-2016-5834, CVE-2016-5838, CVE-2016-5839
     - Changeset 37762 admin auth redirect
     - Changeset 37773 Customizer urls CVE-2016-5832
     - Changeset 37781 Category check CVE-2016-5837
     - Changeset 37790 admin escape attach
     - Changeset 37800 Revision capability CVE-2016-5835
     - Changeset 37815 escape url permalinks
     - Changeset 37818 media extensionless filenames
     - Changeset 32387 CVE-2015-8834 XSS in comments
   * 4.4.3 fixes 2 security issues. Closes: #813697
     - Changeset 36435 fixes SSRF for URLs CVE-2016-2222
     - Changeset 36444 improved redirect checking CVE-2016-2221
Checksums-Sha1:
 967deef34db03aba6507a7863ab08c22f0da5aa4 2663 wordpress_4.4.10+dfsg-0ubuntu0.16.04.1.dsc
 acf4172f281aa308c72b6b410b812572690d7f2f 5456040 wordpress_4.4.10+dfsg.orig.tar.xz
 c07059a2ccfeef1d2a9060ea546b5758fc7f23ab 6086964 wordpress_4.4.10+dfsg-0ubuntu0.16.04.1.debian.tar.xz
Checksums-Sha256:
 0373951859a2ce570aa1281a7f26f91d1c6fee7863989274bafbcad26461ce5c 2663 wordpress_4.4.10+dfsg-0ubuntu0.16.04.1.dsc
 09545a74950e2e62deb163dc35c0eb3db2ca33e9ab43a7a85afcde7b1c20e60c 5456040 wordpress_4.4.10+dfsg.orig.tar.xz
 32a428d9c39a580555b988221b7a673316c1ae78f43117e49418eb56b392e917 6086964 wordpress_4.4.10+dfsg-0ubuntu0.16.04.1.debian.tar.xz
Files:
 b180734c51ebb152d25c5ea0bca54066 2663 web optional wordpress_4.4.10+dfsg-0ubuntu0.16.04.1.dsc
 9f1b99491a10f284eaa237a17c952eb0 5456040 web optional wordpress_4.4.10+dfsg.orig.tar.xz
 a09768f70f60c1f47204e9f5e9fb74d0 6086964 web optional wordpress_4.4.10+dfsg-0ubuntu0.16.04.1.debian.tar.xz
Original-Maintainer: Craig Small