[SECURITY] [DLA 1366-1] wordpress security update

2018-04-27 14:19:04
lists.debian.org

CVSS2 : 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
  Attack Vector : NETWORK
  Attack Complexity : MEDIUM
  Authentication : NONE
  Confidentiality Impact : PARTIAL
  Integrity Impact : PARTIAL
  Availability Impact : NONE

CVSS3 : 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
  Attack Vector : NETWORK
  Attack Complexity : LOW
  Privileges Required : NONE
  User Interaction : REQUIRED
  Scope : CHANGED
  Confidentiality Impact : LOW
  Integrity Impact : LOW
  Availability Impact : NONE

AI Score : 7.1 (Confidence: High)
EPSS : 0.005 (Percentile: 76.9%)

Package : wordpress
Version : 3.6.1+dfsg-1~deb7u21
CVE ID : CVE-2018-10100 CVE-2018-10102
Debian Bug : 895034

Two vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following issues.

CVE-2018-10100

The redirection URL for the login page was not validated or sanitized
if forced to use HTTPS.

CVE-2018-10102

The version string was not escaped in the get_the_generator function,
and could lead to cross-site scripting (XSS) in a generator tag.

For Debian 7 "Wheezy", these problems have been fixed in version
3.6.1+dfsg-1~deb7u21.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
