——————————————————————————–
Fedora Update Notification
FEDORA-2015-15981
2015-09-25 07:42:11.255884
——————————————————————————–
Name : wordpress
Product : Fedora 22
Version : 4.3.1
Release : 1.fc22
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
WordPress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
——————————————————————————–
Update Information:
**WordPress 4.3.1 Security and Maintenance Release** [Upstream
announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress
4.3.1 is now available. This is a security release for all previous versions and
we strongly encourage you to update your sites immediately. This release
addresses three issues, including two cross-site scripting vulnerabilities and a
potential privilege escalation. * WordPress versions 4.3 and earlier are
vulnerable to a cross-site scripting vulnerability when processing shortcode
tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *
A separate cross-site scripting vulnerability was found in the user list table.
Reported by Ben Bidner of the WordPress security team. * Finally, in certain
cases, users without proper permissions could publish private posts and make
them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check
Point. WordPress 4.3.1 also fixes twenty-six bugs. For more information, see
the [release notes](https://codex.wordpress.org/Version_4.3.1) or consult the
[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&st
op_rev=33647).
——————————————————————————–
References:
[ 1 ] Bug #1263657 – CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1
https://bugzilla.redhat.com/show_bug.cgi?id=1263657
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update wordpress’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2015-15982
2015-09-25 07:40:56.700563
——————————————————————————–
Name : wordpress
Product : Fedora 21
Version : 4.3.1
Release : 1.fc21
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
WordPress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
——————————————————————————–
Update Information:
**WordPress 4.3.1 Security and Maintenance Release** [Upstream
announcement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress
4.3.1 is now available. This is a security release for all previous versions and
we strongly encourage you to update your sites immediately. This release
addresses three issues, including two cross-site scripting vulnerabilities and a
potential privilege escalation. * WordPress versions 4.3 and earlier are
vulnerable to a cross-site scripting vulnerability when processing shortcode
tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *
A separate cross-site scripting vulnerability was found in the user list table.
Reported by Ben Bidner of the WordPress security team. * Finally, in certain
cases, users without proper permissions could publish private posts and make
them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check
Point. WordPress 4.3.1 also fixes twenty-six bugs. For more information, see
the [release notes](https://codex.wordpress.org/Version_4.3.1) or consult the
[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&st
op_rev=33647).
——————————————————————————–
References:
[ 1 ] Bug #1263657 – CVE-2015-5714 CVE-2015-5715 wordpress: XSS and permission issue fixed in wordpress 4.3.1
https://bugzilla.redhat.com/show_bug.cgi?id=1263657
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update wordpress’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce