Category Archives: Advisories

USN-5685-1: FRR vulnerabilities

Read Time:22 Second

It was discovered that FRR incorrectly handled parsing certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. (CVE-2022-37032)

It was discovered that FRR incorrectly handled processing certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service, obtain sensitive information,
or execute arbitrary code. (CVE-2022-37035)

Read More

wordpress-5.1.15-1.el7

Read Time:32 Second

FEDORA-EPEL-2022-42745d5b54

Packages in this update:

wordpress-5.1.15-1.el7

Update description:

WordPress 5.1.15 Security Release

Security updates included in this release

Media: Refactor search by filename within the admin,
REST API: Lockdown post parameter of the terms endpoint,
Customize: Escape blogname option in underscores templates,
Query: Validate relation in WP_Date_Query,
Posts, Post types: Apply KSES to post-by-email content,
General: Validate host on “Are you sure?” screen,
Posts, Post types: Remove emails from post-by-email logs,
Pings/trackbacks: Apply KSES to all trackbacks,
Mail: Reset PHPMailer properties between use,
Widgets: Escape RSS error messages for display.

Read More

wordpress-5.9.5-1.fc35

Read Time:1 Minute, 9 Second

FEDORA-2022-35ce8ecede

Packages in this update:

wordpress-5.9.5-1.fc35

Update description:

WordPress 5.9.5 Security Release

Security updates included in this release

Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit

Read More

wordpress-6.0.3-1.el9

Read Time:1 Minute, 9 Second

FEDORA-EPEL-2022-a2b7e4338d

Packages in this update:

wordpress-6.0.3-1.el9

Update description:

WordPress 6.0.3 Security Release

Security updates included in this release

Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit

Read More

wordpress-6.0.3-1.fc37

Read Time:1 Minute, 9 Second

FEDORA-2022-3c1f843ced

Packages in this update:

wordpress-6.0.3-1.fc37

Update description:

WordPress 6.0.3 Security Release

Security updates included in this release

Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit

Read More

wordpress-6.0.3-1.fc36

Read Time:1 Minute, 9 Second

FEDORA-2022-4e099582c7

Packages in this update:

wordpress-6.0.3-1.fc36

Update description:

WordPress 6.0.3 Security Release

Security updates included in this release

Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Open redirect in wp_nonce_ays – devrayn
Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
CSRF in wp-trackback.php – Simon Scannell
Stored XSS via the Customizer – Alex Concha from the WordPress security team
Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
Data exposure via the REST Terms/Tags Endpoint – Than Taintor
Content from multipart emails leaked – Thomas Kräftner
SQL Injection due to improper sanitization in WP_Date_Query – Michael Mazzolini
RSS Widget: Stored XSS issue – Third-party security audit
Stored XSS in the search block – Alex Concha of the WP Security team
Feature Image Block: XSS issue – Third-party security audit
RSS Block: Stored XSS issue – Third-party security audit
Fix widget block XSS – Third-party security audit

Read More