--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-338a3f27e5
2017-02-02 16:34:58.790182
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora 24
Version : 4.7.2
Release : 1.fc24
URL :
http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.7.2 Security Release** WordPress 4.7.2 is now available. This is
a security release for all previous versions and we strongly encourage you to
update your sites immediately. WordPress versions 4.7.1 and earlier are
affected by three security issues: * The user interface for assigning
taxonomy terms in Press This is shown to users who do not have permissions to
use it. Reported by David Herrera of Alley Interactive. * WP_Query is
vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is
not directly vulnerable to this issue, but we���ve added hardening to prevent
plugins and themes from accidentally causing a vulnerability. Reported by Mo
Jangda (batmoo). * A cross-site scripting (XSS) vulnerability was discovered
in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1417158 - CVE-2017-5610 CVE-2017-5611 CVE-2017-5612 wordpress: Multiple
security fixes in 4.7.2
https://bugzilla.redhat.com/show_bug.cgi?id=1417158
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade wordpress' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------