FEDORA-EPEL-2020-a5abe545c6 created by remi 5 months ago for Fedora EPEL 7
stable

WordPress 5.1.8 Maintenance Release

This maintenance release fixes an issue introduced in WordPress 5.1.7 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured.


WordPress 5.1.7 Security Release

Security Updates

  • Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
  • Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
  • Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
  • Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed a privilege escalation issue in post commenting via XML-RPC.
  • Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
  • Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
  • Thanks to Slavco for reporting, and Karim El Ouerghemmi for confirming, a method to bypass protected meta that could lead to arbitrary file deletion.
  • Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF.
  • And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

This update has been submitted for testing by remi.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago

This update's test gating status has been changed to 'waiting'.

5 months ago

This update has obsoleted wordpress-5.1.7-1.el7, and has inherited its bugs and notes.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago

This update has been pushed to testing.

5 months ago

remi edited this update.

5 months ago

remi edited this update.

5 months ago

This update can be pushed to stable now if the maintainer wishes.

5 months ago

This update has been submitted for stable by bodhi.

5 months ago

This update has been pushed to stable.

5 months ago

Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days
Dates
submitted: 5 months ago
in testing: 5 months ago
in stable: 5 months ago
modified: 5 months ago
BZ#1894947 CVE-2020-28032 wordpress: hardening deserialization requests
BZ#1894949 CVE-2020-28032 wordpress: hardening deserialization requests [epel-all]
BZ#1894954 CVE-2020-28033 wordpress: disable spam embeds from disabled sites on a multisite network
BZ#1894956 CVE-2020-28033 wordpress: disable spam embeds from disabled sites on a multisite network [epel-all]
BZ#1894957 CVE-2020-28035 wordpress: XML-RPC privilege escalation
BZ#1894959 CVE-2020-28035 wordpress: XML-RPC privilege escalation [epel-all]
BZ#1894962 CVE-2020-28034 wordpress: XSS via global variables
BZ#1894964 CVE-2020-28034 wordpress: XSS via global variables [epel-all]
BZ#1894966 CVE-2020-28036 wordpress: privilege escalation by using XML-RPC to comment on a post
BZ#1894968 CVE-2020-28036 wordpress: privilege escalation by using XML-RPC to comment on a post [epel-all]
BZ#1894969 CVE-2020-28037 wordpress: DoS attack could lead to RCE
BZ#1894971 CVE-2020-28037 wordpress: DoS attack could lead to RCE [epel-all]
BZ#1894974 CVE-2020-28038 wordpress: stored XSS in post slugs
BZ#1894976 CVE-2020-28038 wordpress: stored XSS in post slugs [epel-all]
BZ#1894982 CVE-2020-28039 wordpress: protected meta that could lead to arbitrary file deletion
BZ#1894984 CVE-2020-28039 wordpress: protected meta that could lead to arbitrary file deletion [epel-all]
BZ#1894995 CVE-2020-28040 wordpress: CSRF attacks that change a theme's background image
BZ#1894997 CVE-2020-28040 wordpress: CSRF attacks that change a theme's background image [epel-all]