===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3139
                          wordpress security update
                              14 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wordpress
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Increased Privileges   -- Existing Account
                   Cross-site Scripting   -- Existing Account
                   Reduced Security       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-4050 CVE-2020-4049 CVE-2020-4048
                   CVE-2020-4047 CVE-2019-17670
Reference:         ESB-2020.2279
                   ESB-2020.2188
                   ESB-2019.4095

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2371

- --------------------------BEGIN INCLUDED TEXT--------------------

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2371-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/
September 11, 2020                            https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : wordpress
Version        : 4.7.18+dfsg-1+deb9u1
CVE ID         : CVE-2019-17670 CVE-2020-4047 CVE-2020-4048 CVE-2020-4049
                 CVE-2020-4050
Debian Bug     : 942459 962685

Multiple vulnerabilities were discovered in WordPress, a popular
content management framework.

CVE-2019-17670

    WordPress has a Server Side Request Forgery (SSRF) vulnerability
    because Windows paths are mishandled during certain validation of
    relative URLs.

CVE-2020-4047

    Authenticated users with upload permissions (like authors) are able
    to inject JavaScript into some media file attachment pages in a
    certain way. This can lead to script execution in the context of a
    higher privileged user when the file is viewed by them.
CVE-2020-4048

    Due to an issue in wp_validate_redirect() and URL sanitization, an
    arbitrary external link can be crafted leading to an unintended/open
    redirect when clicked.

CVE-2020-4049

    When uploading themes, the name of the theme folder can be crafted
    in a way that could lead to JavaScript execution in /wp-admin on
    the themes page.

CVE-2020-4050

    Misuse of the `set-screen-option` filter's return value allows
    arbitrary user meta fields to be saved. It does require an admin to
    install a plugin that would misuse the filter. Once installed, it
    can be leveraged by low privileged users.

Additionally, this upload ensures latest comments can only be viewed
from public posts, and fixes the user activation procedure.

For Debian 9 stretch, these problems have been fixed in version
4.7.18+dfsg-1+deb9u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
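As an added example (not from the advisory, Debian or WordPress itself), the plugin-side pattern behind CVE-2020-4050 beside a hardened form: the `set-screen-option` filter is applied by core with `( $status, $option, $value )` when a user saves a screen option, and a plugin that returns `$value` for every `$option` lets core store arbitrary user meta. The option name `myplugin_items_per_page` and the function names are assumptions.

```php
<?php
// Added example, not code from the advisory or from WordPress.
// Hypothetical plugin callbacks for the 'set-screen-option' filter;
// core invokes it as apply_filters( 'set-screen-option', false, $option, $value ).

// VULNERABLE PATTERN (root cause described under CVE-2020-4050):
// returning $value unconditionally accepts any option name submitted in
// the screen-options form, so core saves it as user meta for the caller.
// A low-privileged user can then write user meta keys the plugin never meant to expose.
function myplugin_save_screen_option_unsafe( $status, $option, $value ) {
    return $value; // no check on $option, no validation of $value
}

// HARDENED PATTERN: answer only for the option this plugin owns, coerce
// and bound the value, and return the incoming $status (normally false)
// for everything else so core leaves other options untouched.
function myplugin_save_screen_option( $status, $option, $value ) {
    if ( 'myplugin_items_per_page' !== $option ) {
        return $status; // not ours: do not authorise the save
    }
    $value = absint( $value ); // integer, never a raw string
    if ( $value < 1 || $value > 200 ) {
        return $status; // out of range: refuse rather than store garbage
    }
    return $value;
}

// Register the hardened callback; the unsafe one is shown only for contrast.
add_filter( 'set-screen-option', 'myplugin_save_screen_option', 10, 3 );
```

When auditing installed plugins for this class of issue, search for `set-screen-option` callbacks whose body does not compare `$option` against the plugin's own option name before returning a value.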
The mailing list you are subscribed to is maintained within your
organisation, so if you do not wish to continue receiving these bulletins
you should contact your local IT manager. If you do not know who that is,
please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

    https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
The post ESB-2020.3139 – [Debian] wordpress: Multiple vulnerabilities appeared first on Malware Devil.
https://malwaredevil.com/2020/09/14/esb-2020-3139-debian-wordpress-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3139-debian-wordpress-multiple-vulnerabilities