FEDORA-EPEL-2015-8100 — security update for wordpress

stable

wordpress-4.3.1-1.el7

FEDORA-EPEL-2015-8100 created by remi 10 years ago for Fedora EPEL 7

WordPress 4.3.1 Security and Maintenance Release

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes.

This update has been submitted for testing by remi.

10 years ago

remi edited this update.

10 years ago

This update has been pushed to testing.

10 years ago

This update has been submitted for stable by remi.

10 years ago

This update has been pushed to stable.

10 years ago

Please log in to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

10 years ago

in testing

10 years ago

in stable

10 years ago

modified

10 years ago

Builds

wordpress-4.3.1-1.el7

BZ#1263657 CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1

BZ#1263659 CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1 [epel-all]

wordpress-4.3.1-1.el7

Automated Test Results

None