--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-e37e1e6c7a
2022-01-16 00:57:03.087605
--------------------------------------------------------------------------------

Name        : wordpress
Product     : Fedora 34
Version     : 5.8.3
Release     : 1.fc34
URL         : http://www.wordpress.org
Summary     : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

--------------------------------------------------------------------------------
Update Information:

**Security Updates**

Four security issues affect WordPress versions between 3.7 and 5.8. If you
haven't yet updated to 5.8, all WordPress versions since 3.7 have also been
updated to fix the following security issue (except where noted otherwise):

* Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing
  an issue with stored XSS through post slugs.
* Props to Simon Scannell of SonarSource for reporting an issue with Object
  injection in some multisite installations.
* Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend
  Micro Zero Day Initiative on reporting a SQL injection vulnerability in
  WP_Query.
* Props to Ben Bidner from the WordPress security team for reporting a SQL
  injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 7 2022 Remi Collet remi@remirepo.net - 5.8.3-1
- WordPress 5.8.3 Security Release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2039301 - CVE-2022-21661 wordpress: SQL injection via WP_Query
        https://bugzilla.redhat.com/show_bug.cgi?id=2039301
  [ 2 ] Bug #2039306 - CVE-2022-21662 wordpress: stored XSS through authenticated users
        https://bugzilla.redhat.com/show_bug.cgi?id=2039306
  [ 3 ] Bug #2039312 - CVE-2022-21663 wordpress: authenticated object injection in multisites
        https://bugzilla.redhat.com/show_bug.cgi?id=2039312
  [ 4 ] Bug #2039317 - CVE-2022-21664 wordpress: SQL injection due to improper sanitization in WP_Meta_Query
        https://bugzilla.redhat.com/show_bug.cgi?id=2039317
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-e37e1e6c7a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org