===================================================================== CERT-Renater Note d'Information No. 2007/VULN222 _____________________________________________________________________ DATE : 02/05/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running wordpress. ====================================================================== - - ------------------------------------------------------------------------ Debian Security Advisory DSA-1285-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans May 01, 2007 - - ------------------------------------------------------------------------ Package : wordpress Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897 CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. CVE-2007-1893 WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." CVE-2007-1894 Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. CVE-2007-1897 SQL injection vulnerability in xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. For the stable distribution (etch) these issues have been fixed in version 2.0.10-1. For the testing and unstable distributions (lenny and etch, respectively), these issues have been fixed in version 2.1.3-1 We recommend that you upgrade your wordpress package. Upgrade instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian (stable) - - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1.diff.gz Size/MD5 checksum: 8967 a9975366a65611eb333557603ca18b00 http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54 http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1.dsc Size/MD5 checksum: 561 baaa9fd3c5e532e30043b8a2a11be6aa Architecture independent packages: http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1_all.deb Size/MD5 checksum: 529582 369bb4778790a5b3aa79584bcc7ea8ec These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================