===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3415
                         wordpress security update
                              15 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           wordpress
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-39201 CVE-2021-39200

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4985

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running wordpress check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4985-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
October 14, 2021                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2021-39200 CVE-2021-39201
Debian Bug     : 994059 994060

Several vulnerabilities were discovered in Wordpress, a web blogging
tool. They allowed remote attackers to perform Cross-Site Scripting
(XSS) attacks or impersonate other users.

For the oldstable distribution (buster), these problems have been fixed
in version 5.0.14+dfsg1-0+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 5.7.3+dfsg1-0+deb11u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================