17 July 2018
===========================================================================
AUSCERT Security Bulletin

ASB-2018.0157
WordPress 4.9.7 Security and Maintenance Release
17 July 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              WordPress
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Delete Arbitrary Files -- Existing Account
Resolution:           Patch/Upgrade
Member content until: Thursday, August 16 2018

OVERVIEW

A vulnerability has been identified in WordPress versions prior to 4.9.7.

IMPACT

WordPress has provided the following information regarding the vulnerability:

"WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory."

MITIGATION

"Download WordPress 4.9.7 or venture over to Dashboard -> Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically. The previously scheduled 4.9.7 is now referred to as 4.9.8, and will follow the release schedule posted yesterday."

REFERENCES

WordPress 4.9.7 Security and Maintenance Release
https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================
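One way to act on the Resolution above on a host that carries several sites, as an added example that is not part of the AusCERT bulletin or of WordPress itself: it reads `$wp_version` from each install's `wp-includes/version.php` and lists the installs older than 4.9.7. The function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

FIXED = (4, 9, 7)  # first release carrying the fix, per the bulletin
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_version(text):
    """Return the numeric part of a version string as a 3-tuple, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def read_wp_version(version_php):
    """Extract $wp_version from a wp-includes/version.php file, or None."""
    try:
        with open(version_php, encoding="utf-8", errors="replace") as fh:
            m = VERSION_RE.search(fh.read())
    except OSError:
        return None
    return m.group(1) if m else None


def find_affected(root):
    """Walk root; return sorted (install_dir, version) pairs older than FIXED."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            raw = read_wp_version(os.path.join(dirpath, "version.php"))
            parsed = parse_version(raw) if raw else None
            # Unreadable or unparseable versions are listed for manual review.
            if parsed is None or parsed < FIXED:
                hits.append((os.path.dirname(dirpath), raw or "unknown"))
    return sorted(hits)


def demo():
    """Scan a constructed tree of three installs (sample data, not real sites)."""
    with tempfile.TemporaryDirectory() as root:
        for name, ver in (("old", "4.9.6"), ("fixed", "4.9.7"), ("beta", "4.9-beta2")):
            inc = os.path.join(root, name, "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "version.php"), "w") as fh:
                fh.write("<?php\n$wp_version = '%s';\n" % ver)
        return [(os.path.basename(d), v) for d, v in find_affected(root)]


if __name__ == "__main__":
    print(demo())
```

Pre-release suffixes are ignored when comparing, so a pre-release build of 4.9.7 itself would be treated as fixed and should be checked by hand.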