stable

wordpress-5.5.3-1.fc32

FEDORA-2020-b386fac43a created by remi 3 years ago for Fedora 32

WordPress 5.5.3 Maintenance Release

This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured.


WordPress 5.5.2 Security and Maintenance Release

Security Updates

  • Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
  • Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
  • Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
  • Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
  • Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
  • Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
  • Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
  • Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF.
  • And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-b386fac43a

This update has been submitted for testing by remi.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update has obsoleted wordpress-5.5.2-1.fc32, and has inherited its bugs and notes.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago

remi edited this update.

3 years ago

remi edited this update.

3 years ago

This update can be pushed to stable now if the maintainer wishes

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days
Dates
submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago
modified: 3 years ago

BZ#1894947 CVE-2020-28032 wordpress: hardening deserialization requests
BZ#1894948 CVE-2020-28032 wordpress: hardening deserialization requests [fedora-all]
BZ#1894954 CVE-2020-28033 wordpress: disable spam embeds from disabled sites on a multisite network
BZ#1894955 CVE-2020-28033 wordpress: disable spam embeds from disabled sites on a multisite network [fedora-all]
BZ#1894957 CVE-2020-28035 wordpress: XML-RPC privilege escalation
BZ#1894958 CVE-2020-28035 wordpress: XML-RPC privilege escalation [fedora-all]
BZ#1894962 CVE-2020-28034 wordpress: XSS via global variables
BZ#1894963 CVE-2020-28034 wordpress: XSS via global variables [fedora-all]
BZ#1894966 CVE-2020-28036 wordpress: privilege escalation by using XML-RPC to comment on a post
BZ#1894967 CVE-2020-28036 wordpress: privilege escalation by using XML-RPC to comment on a post [fedora-all]
BZ#1894969 CVE-2020-28037 wordpress: DoS attack could lead to RCE
BZ#1894970 CVE-2020-28037 wordpress: DoS attack could lead to RCE [fedora-all]
BZ#1894974 CVE-2020-28038 wordpress: stored XSS in post slugs
BZ#1894975 CVE-2020-28038 wordpress: stored XSS in post slugs [fedora-all]
BZ#1894982 CVE-2020-28039 wordpress: protected meta that could lead to arbitrary file deletion
BZ#1894983 CVE-2020-28039 wordpress: protected meta that could lead to arbitrary file deletion [fedora-all]
BZ#1894995 CVE-2020-28040 wordpress: CSRF attacks that change a theme's background image
BZ#1894996 CVE-2020-28040 wordpress: CSRF attacks that change a theme's background image [fedora-all]
