Fedora 18 : wordpress-3.5.1-1.fc18 (2013-1774)

medium Nessus Plugin ID 64544

Synopsis

The remote Fedora host is missing a security update.

Description

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include :

- Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.

- Media: Fix a collection of minor workflow and compatibility issues in the new media manager.

- Networks: Suggest proper rewrite rules when creating a new network.

- Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.

- Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.

- Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues :

- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
We'd like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.

- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.

- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected wordpress package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=904120

https://bugzilla.redhat.com/show_bug.cgi?id=904121

https://bugzilla.redhat.com/show_bug.cgi?id=904122

http://www.nessus.org/u?b8f719cf

Plugin Details

Severity: Medium

ID: 64544

File Name: fedora_2013-1774.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2/11/2013

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.8

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:wordpress, cpe:/o:fedoraproject:fedora:18

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/1/2013

Reference Information

CVE: CVE-2013-0235

BID: 57554

FEDORA: 2013-1774