[SECURITY] [DLA 1980-1] wordpress security update
Package        : wordpress
Version        : 4.1.28+dfsg-0+deb8u1
CVE ID         : CVE-2019-17669 CVE-2019-17670 CVE-2019-17671
                 CVE-2019-17675
Debian Bug     : 942459

Several vulnerabilities in wordpress, a web blogging tool, have been
fixed.

CVE-2019-17669

    A Server Side Request Forgery (SSRF) vulnerability exists because
    URL validation does not consider the interpretation of a name as a
    series of hex characters.

CVE-2019-17670

    A Server Side Request Forgery (SSRF) vulnerability was reported in
    wp_validate_redirect(). The fix normalizes the path when validating
    the location for relative URLs.

CVE-2019-17671

    Unauthenticated viewing of certain content (private or draft posts)
    is possible because the static query property is mishandled.

CVE-2019-17675

    WordPress does not properly consider type confusion during
    validation of the referer in the admin pages. This vulnerability
    affects the check_admin_referer() WordPress function.

For Debian 8 "Jessie", these problems have been fixed in version
4.1.28+dfsg-0+deb8u1.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
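
A host check that accounts for the hex interpretation named in CVE-2019-17669, written here as an added Python example (it is not WordPress or Debian code). It goes beyond the advisory by also normalizing octal and short dotted forms; the names `legacy_ipv4` and `screen_url`, the choice to refuse IPv6 literals, and the sample URLs are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One host component in the notations inet_aton()-style parsers accept.
_NUM = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")


def _to_int(part):
    if part[:2] in ("0x", "0X"):
        return int(part, 16)
    return int(part, 8) if part[0] == "0" else int(part, 10)


def legacy_ipv4(host):
    """Return the IPv4Address a lenient parser reads from host.

    Returns None for a real DNS name; raises ValueError for a host that is
    numeric but not a valid address.
    """
    parts = host.rstrip(".").split(".")
    if not all(_NUM.fullmatch(p) for p in parts):
        return None
    if len(parts) > 4:
        raise ValueError("too many numeric components")
    *head, last = (_to_int(p) for p in parts)
    # Leading components are one byte each; the last fills the remaining bytes.
    if any(n > 0xFF for n in head) or last >= 1 << (8 * (4 - len(head))):
        raise ValueError("component out of range")
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def screen_url(url):
    """Return 'deny', 'allow', or 'resolve' (name: check the resolved address)."""
    host = urlsplit(url).hostname
    if not host or ":" in host:  # assumption: IPv6 literals are refused here
        return "deny"
    try:
        ip = legacy_ipv4(host)
    except ValueError:
        return "deny"
    if ip is None:
        return "resolve"
    return "allow" if ip.is_global else "deny"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the advisory.
    for u in ("http://0x7f000001/", "http://0x08080808/", "http://example.org/"):
        print(u, screen_url(u))
```

A `resolve` verdict means the host is a real name, so the address it resolves to still has to pass the same range check before any request is made.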