[manjaro-security] [arch-security] [ASA-201701-22] wordpress: multiple issues

Levente Polyak anthraxx at archlinux.org
Sun Jan 15 22:38:31 CET 2017


Arch Linux Security Advisory ASA-201701-22
==========================================

Severity: High
Date    : 2017-01-15
CVE-ID  : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488
          CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492
          CVE-2017-5493
Package : wordpress
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-142

Summary
=======

The package wordpress before version 4.7.1-1 is vulnerable to multiple
issues including arbitrary code execution, cross-site scripting, access
restriction bypass, cross-site request forgery and insufficient
validation.

Resolution
==========

Upgrade to 4.7.1-1.

# pacman -Syu "wordpress>=4.7.1-1"

The problems have been fixed upstream in version 4.7.1.

Workaround
==========

None.

Description
===========

- CVE-2016-10033 (arbitrary code execution)

A vulnerability has been discovered in PHPMailer that could potentially
be used by unauthenticated remote attackers to achieve remote arbitrary
code execution in the context of the web server user and remotely
compromise the target web application. This issue can be triggered by
passing a maliciously crafted expression to the vulnerable application.

- CVE-2016-10045 (arbitrary code execution)

It has been discovered that the first patch of the vulnerability
CVE-2016-10033 in PHPMailer was incomplete and could potentially still
be used by unauthenticated remote attackers to achieve remote arbitrary
code execution in the context of the web server user and remotely
compromise the target web application. This issue can be triggered by
passing a maliciously crafted expression to the vulnerable application.

- CVE-2017-5487 (access restriction bypass)

A vulnerability has been discovered in wordpress exposing user data for
all users who had authored a post of a public post type via the REST
API. wordpress 4.7.1 limits this to only post types which have
specified that they should be shown within the REST API.

- CVE-2017-5488 (cross-site scripting)

A cross-site scripting (XSS) vulnerability has been discovered in
wordpress via the plugin name or version header on update-core.php.

- CVE-2017-5489 (cross-site request forgery)

A cross-site request forgery (CSRF) bypass has been discovered in
wordpress via uploading a Flash file.

- CVE-2017-5490 (cross-site scripting)

A cross-site scripting (XSS) vulnerability has been discovered in
wordpress via theme name fallback.

- CVE-2017-5491 (access restriction bypass)

A vulnerability has been discovered in wordpress allowing to post via
email as it checks for mail.example.com if default settings aren't
changed.

- CVE-2017-5492 (cross-site request forgery)

A cross-site request forgery (CSRF) vulnerability has been discovered
in wordpress in the accessibility mode of widget editing.

- CVE-2017-5493 (insufficient validation)

An insufficient validation vulnerability has been discovered in
wordpress leading to weak cryptographic security for multisite
activation key.

Impact
======

A remote attacker is able to perform a cross-site scripting or cross-
site request forgery attack or possibly execute arbitrary code on the
affected host.

References
==========

https://bugs.archlinux.org/task/52555
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
http://seclists.org/oss-sec/2017/q1/95
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2
https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
https://security.archlinux.org/CVE-2016-10033
https://security.archlinux.org/CVE-2016-10045
https://security.archlinux.org/CVE-2017-5487
https://security.archlinux.org/CVE-2017-5488
https://security.archlinux.org/CVE-2017-5489
https://security.archlinux.org/CVE-2017-5490
https://security.archlinux.org/CVE-2017-5491
https://security.archlinux.org/CVE-2017-5492
https://security.archlinux.org/CVE-2017-5493

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20170115/daeece04/attachment.pgp>


More information about the manjaro-security mailing list