--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-4e01259678
2017-09-28 16:42:23.950107
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora 26
Version : 4.8.2
Release : 1.fc26
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:
Upstream announcement: **WordPress 4.8.2 is now available**. This is a security
release for all previous versions and we strongly encourage you to update your
sites immediately. WordPress versions 4.8.1 and earlier are affected by these
security issues:

* $wpdb->prepare() can create unexpected and unsafe queries leading to
  potential SQL injection (SQLi). WordPress core is not directly vulnerable to
  this issue, but we've added hardening to prevent plugins and themes from
  accidentally causing a vulnerability. Reported by Slavco.
* A cross-site scripting (XSS) vulnerability was discovered in the oEmbed
  discovery. Reported by xknown of the WordPress Security Team.
* A cross-site scripting (XSS) vulnerability was discovered in the visual
  editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
* A path traversal vulnerability was discovered in the file unzipping code.
  Reported by Alex Chapman (noxrnet).
* A cross-site scripting (XSS) vulnerability was discovered in the plugin
  editor. Reported by Chen Ruiqi.
* An open redirect was discovered on the user and term edit screens. Reported
  by Yasin Soliman (ysx).
* A path traversal vulnerability was discovered in the customizer. Reported by
  Weston Ruter of the WordPress Security Team.
* A cross-site scripting (XSS) vulnerability was discovered in template names.
  Reported by Luka (sikic).
* A cross-site scripting (XSS) vulnerability was discovered in the link modal.
  Reported by Anas Roubi (qasuar).

Thank you to the reporters of these issues for practicing [responsible
disclosure](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/).

In addition to the security issues above, WordPress 4.8.2 contains 6
maintenance fixes to the 4.8 release series. For more information, see the
[release notes](https://codex.wordpress.org/Version_4.8.2) or consult the
[list of changes](https://core.trac.wordpress.org/query?status=closed&milestone=4.8....ponent&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priority&col=keywords&order=priority).
Thanks to everyone who contributed to 4.8.2.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade wordpress' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------