wordpress (4.4.10+dfsg-0ubuntu0.16.04.1) xenial-security; urgency=medium
* SECURITY UPDATE: New upstream releases fix numerous security issues
(LP: #1691520)
* 4.4.10 fixes 6 security issues. CVE numbers are pending. Closes: #851310
- CVE-2017-XXX
Insufficient redirect validation in the HTTP class.
- CVE-2017-XXX
Improper handling of post meta data values in the XML-RPC API.
- CVE-2017-XXX
Lack of capability checks for post meta data in the XML-RPC API.
- CVE-2017-XXX
A Cross Site Request Forgery (CSRF) vulnerability was discovered
in the filesystem credentials dialog.
- CVE-2017-XXX
A cross-site scripting (XSS) vulnerability was discovered when
attempting to upload very large files.
- CVE-2017-XXX
A cross-site scripting (XSS) vulnerability was discovered related
to the Customizer.
* 4.4.8 fixes 6 security issues. Closes: #857026
- CVE-2017-6814
Cross-site scripting (XSS) via media file metadata.
- CVE-2017-6815
Control characters can trick redirect URL validation.
- CVE-2017-6816
Unintended files can be deleted by administrators using the plugin
deletion functionality.
- CVE-2017-6817
Cross-site scripting (XSS) via video URL in YouTube embeds.
- CVE-2017-6818
Cross-site scripting (XSS) via taxonomy term names.
- CVE-2017-6819
Cross-site request forgery (CSRF) in Press This leading to excessive
use of server resources.
* 4.4.7 fixes 3 security issues. Closes: #852767
- CVE-2017-5610
The user interface for assigning taxonomy terms in Press This is
shown to users who do not have permissions to use it.
- CVE-2017-5611
WP_Query is vulnerable to a SQL injection (SQLi)
- CVE-2017-5612
XSS in the posts list table
* 4.4.6 fixes 8 security issues. Closes: #851310
- CVE-2017-5493
Cryptographically Weak Pseudo-Random Number Generator
- CVE-2017-5492
Accessibility Mode Cross-Site Request Forgery (CSRF)
- CVE-2017-5491
Post via Email Checks mail.example.com by Default
- CVE-2017-5490
Stored Cross-Site Scripting (XSS) via Theme Name fallback
- CVE-2017-5489
Cross-Site Request Forgery (CSRF) via Flash Upload
- CVE-2017-5488
Authenticated Cross-Site scripting (XSS) in update-core.php
- CVE-2017-5487
User Information Disclosure via REST API
- CVE-2016-10066
Potential Remote Command Execution (RCE) in PHPMailer
* 4.4.5 fixes multiple security issues. Closes: #837090
- Directory traversal vulnerability in the wp_ajax_update_plugin function
in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote
authenticated users to cause a denial of service or read certain text
files via a .. (dot dot) in the plugin parameter to
wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations
that deplete the entropy pool.
CVE-2016-6896
- Cross-site request forgery (CSRF) vulnerability in the
wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php
in WordPress before 4.6 allows remote attackers to hijack the
authentication of subscribers for /dev/random read operations by
leveraging a late call to the check_ajax_referer function.
CVE-2016-6897
- Changeset 38538 sanitize filename in media CVE-2016-7168
- Changeset 38524 sanitize filename upload upgrader CVE-2016-7169
- WordPress before 4.5 does not consider octal and hexadecimal IP address
formats when determining an intranet address, which allows remote
attackers to bypass an intended SSRF protection mechanism via a crafted
address.
CVE-2016-4029
- Cross-site scripting (XSS) vulnerability in the network settings page in
WordPress before 4.5 allows remote attackers to inject arbitrary web
script or HTML via unspecified vectors.
CVE-2016-6634
- Cross-site request forgery (CSRF) vulnerability in the
wp_ajax_wp_compression_test function in
wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote
attackers to hijack the authentication of administrators for requests
that change the script compression option.
CVE-2016-6635
* 4.4.4 fixes multiple security issues. Closes: #828225
- Fixes CVE-2016-5834, CVE-2016-5838, CVE-2016-5839
- Changeset 37762 admin auth redirect
- Changeset 37773 Customizer urls CVE-2016-5832
- Changeset 37781 Category check CVE-2016-5837
- Changeset 37790 admin escape attach
- Changeset 37800 Revision capability CVE-2016-5835
- Changeset 37815 escape url permalinks
- Changeset 37818 media extensionless filenames
- Changeset 32387 CVE-2015-8834 XSS in comments
* 4.4.3 fixes 2 security issues. Closes: #813697
- Changeset 36435 fixes SSRF for URLs CVE-2016-2222
- Changeset 36444 improved redirect checking CVE-2016-2221
-- Jeremy Bicha <email address hidden> Wed, 17 May 2017 14:03:33 -0400
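The 4.4.5 entry for CVE-2016-4029 describes an SSRF filter that compared addresses as strings and therefore did not recognise octal and hexadecimal spellings of an intranet address. The following Python is an added illustration of that class of defect and its fix; it is not WordPress code and does not reproduce the upstream changeset. It places a prefix-only check (`naive_is_intranet`, the weak form) beside a check that first canonicalises the literal with inet_aton rules and only then compares against blocked ranges (`is_intranet`). The blocked-range list and all sample inputs are constructed for the example.

```python
import ipaddress
import re

# Ranges an outbound HTTP fetcher should refuse to contact (constructed list for
# this example; a real deployment would also cover IPv6 and its own metadata hosts).
INTRANET_NETS = [
    ipaddress.ip_network(n)
    for n in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
              "172.16.0.0/12", "192.168.0.0/16")
]


def naive_is_intranet(host: str) -> bool:
    """String-prefix check that only recognises canonical dotted-decimal.

    This is the weak form of the check: any other spelling of the same
    address is not matched, which is the defect described for CVE-2016-4029.
    """
    return re.match(r"^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)", host) is not None


def _parse_component(part: str) -> int:
    """Parse one dotted component with inet_aton rules: 0x.. hex, 0.. octal, else decimal."""
    if not re.fullmatch(r"[0-9A-Za-z]+", part):
        raise ValueError(part)          # rejects signs, whitespace and empty strings
    if part[:2].lower() == "0x":
        return int(part[2:], 16)        # int("", 16) raises ValueError for a bare "0x"
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)             # "08" raises ValueError, as inet_aton rejects it
    return int(part, 10)


def canonical_ipv4(host: str):
    """Return the canonical dotted-decimal form of an IPv4 literal, or None.

    Accepts every spelling the C inet_aton() accepts: 1 to 4 components,
    each decimal, octal (leading 0) or hex (leading 0x), where the last
    component fills all remaining bytes ("127.1" and "2130706433" are both
    127.0.0.1).  Hostnames and malformed literals return None.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_component(p) for p in parts]
    except ValueError:
        return None
    widths = [8] * (len(values) - 1) + [8 * (5 - len(values))]
    packed = 0
    for value, width in zip(values, widths):
        if value >= 1 << width:         # component does not fit its byte(s)
            return None
        packed = (packed << width) | value
    return str(ipaddress.IPv4Address(packed))


def is_intranet(host: str) -> bool:
    """Normalise first, then compare against the blocked ranges.

    Returns False for anything that is not an IPv4 literal; a hostname must
    be resolved and every resulting address re-checked with this function
    before the connection is opened.
    """
    canonical = canonical_ipv4(host)
    if canonical is None:
        return False
    addr = ipaddress.ip_address(canonical)
    return any(addr in net for net in INTRANET_NETS)


if __name__ == "__main__":
    # Constructed sample inputs: the same loopback address in several spellings.
    for spelling in ("127.0.0.1", "0x7f.0.0.1", "0177.0.0.1", "127.1", "2130706433", "example.com"):
        print(f"{spelling:>12}  naive={naive_is_intranet(spelling)!s:5}  "
              f"normalised={is_intranet(spelling)!s:5}  canonical={canonical_ipv4(spelling)}")
```

The design point is that the comparison must happen on the value the socket layer will actually use, not on the string the user typed; anything the platform's address parser accepts, the filter has to canonicalise the same way before deciding.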
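The same 4.4.5 entry lists two related defects in wp_ajax_update_plugin (CVE-2016-6896 and CVE-2016-6897): a plugin parameter that could carry `..` out of the plugins directory, and a check_ajax_referer call that ran only after the file had already been opened. The Python below is an added example of the defensive ordering, not WordPress's handler or its fix: the CSRF token is verified first, then the capability, then the plugin parameter is confined to the plugins directory by normalising it before the containment test. The nonce scheme, the `_ajax_nonce` parameter name, the install path and the session layout are all hypothetical and constructed for this example.

```python
import hashlib
import hmac
import os
import secrets

# Constructed values for this example; a real site has its own secret and layout.
NONCE_SECRET = secrets.token_bytes(32)
PLUGINS_DIR = "/srv/example-site/wp-content/plugins"   # hypothetical install path


def make_nonce(user_id: int, action: str) -> str:
    """Issue a per-user, per-action token to embed in the form or AJAX call."""
    msg = f"{user_id}:{action}".encode()
    return hmac.new(NONCE_SECRET, msg, hashlib.sha256).hexdigest()[:16]


def verify_nonce(token: str, user_id: int, action: str) -> bool:
    """Constant-time comparison against the expected token for this user and action."""
    return hmac.compare_digest(token, make_nonce(user_id, action))


def resolve_plugin_file(plugin: str, plugins_dir: str = PLUGINS_DIR):
    """Map an untrusted plugin slug to a file path, or None if it escapes plugins_dir.

    realpath() folds ".." and symlinks before the containment check, so both
    "../../../dev/random" and an absolute "/dev/random" are rejected.
    """
    base = os.path.realpath(plugins_dir)
    candidate = os.path.realpath(os.path.join(base, plugin))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def handle_update_plugin(request: dict, session: dict):
    """Order of checks: CSRF token, then capability, then input, then any file access."""
    # 1. The referer/nonce check runs before the request is used in any other
    #    way, so a forged request never reaches the file system (the late check
    #    described for CVE-2016-6897 is the defect this ordering avoids).
    if not verify_nonce(request.get("_ajax_nonce", ""), session["user_id"], "updates"):
        return 403, "nonce check failed"
    # 2. Only users who may update plugins continue.
    if "update_plugins" not in session["capabilities"]:
        return 403, "insufficient capability"
    # 3. The plugin parameter must resolve to a file inside the plugins directory.
    path = resolve_plugin_file(request.get("plugin", ""))
    if path is None:
        return 400, "invalid plugin parameter"
    return 200, path   # a real handler would now run the updater on `path`


if __name__ == "__main__":
    # Constructed session and requests for a quick demonstration.
    session = {"user_id": 7, "capabilities": {"update_plugins"}}
    token = make_nonce(7, "updates")
    print(handle_update_plugin({"plugin": "akismet/akismet.php", "_ajax_nonce": token}, session))
    print(handle_update_plugin({"plugin": "../../../dev/random", "_ajax_nonce": token}, session))
    print(handle_update_plugin({"plugin": "../../../dev/random"}, session))
```

Two points carry the weight here: the nonce check is the first statement in the handler, so the cost of a forged request is one HMAC comparison and nothing else; and containment is decided on the normalised path, never on the raw string, so stripping `..` textually is not needed and would not be sufficient.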