FEDORA-EPEL-2015-8100 created by remi 6 years ago for Fedora EPEL 7
stable

WordPress 4.3.1 Security and Maintenance Release

Upstream announcement:

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

  • WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
  • A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
  • Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes.

This update has been submitted for testing by remi.

6 years ago

remi edited this update.

6 years ago

This update has been pushed to testing.

6 years ago

This update has been submitted for stable by remi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
modified
6 years ago
BZ#1263657 CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1
0
0
BZ#1263659 CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1 [epel-all]
0
0

Automated Test Results