MGASA-2013-0137
Date: May 9th, 2013
Affected releases: 2
Media: Core
Description:
Updated wordpress package fixes security vulnerabilities:

A server-side request forgery vulnerability and remote port scanning using
pingbacks. This vulnerability, which could potentially be used to expose
information and compromise a site, affects WordPress before 3.5.1
(CVE-2013-0235).

Two instances of cross-site scripting via shortcodes and post content
(CVE-2013-0236).

A cross-site scripting vulnerability in the external library Plupload
(CVE-2013-0237).
Updated Packages:
i586:
wordpress-3.5.1-1.1.mga2.noarch.rpm
x86_64:
wordpress-3.5.1-1.1.mga2.noarch.rpm
SRPMS:
wordpress-3.5.1-1.1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0237
https://wordpress.org/news/2013/01/wordpress-3-5-1/
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098476.html
https://bugs.mageia.org/show_bug.cgi?id=9030