--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-e37e1e6c7a
2022-01-16 00:57:03.087605
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora 34
Version : 5.8.3
Release : 1.fc34
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:
**Security Updates**

Four security issues affect WordPress versions between 3.7 and 5.8. If you
haven't yet updated to 5.8, all WordPress versions since 3.7 have also been
updated to fix the following security issues (except where noted otherwise):

* Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for
  disclosing an issue with stored XSS through post slugs.
* Props to Simon Scannell of SonarSource for reporting an issue with Object
  injection in some multisite installations.
* Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend
  Micro Zero Day Initiative on reporting a SQL injection vulnerability in
  WP_Query.
* Props to Ben Bidner from the WordPress security team for reporting a SQL
  injection vulnerability in WP_Meta_Query (only relevant to versions
  4.1-5.8).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 7 2022 Remi Collet <remi(a)remirepo.net> - 5.8.3-1
- WordPress 5.8.3 Security Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2039301 - CVE-2022-21661 wordpress: SQL injection via WP_Query
https://bugzilla.redhat.com/show_bug.cgi?id=2039301
[ 2 ] Bug #2039306 - CVE-2022-21662 wordpress: stored XSS through authenticated users
https://bugzilla.redhat.com/show_bug.cgi?id=2039306
[ 3 ] Bug #2039312 - CVE-2022-21663 wordpress: authenticated object injection in multisites
https://bugzilla.redhat.com/show_bug.cgi?id=2039312
[ 4 ] Bug #2039317 - CVE-2022-21664 wordpress: SQL injection due to improper sanitization in WP_Meta_Query
https://bugzilla.redhat.com/show_bug.cgi?id=2039317
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-e37e1e6c7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------