stable
FEDORA-2015-12750 created by remi 7 years ago for Fedora 23

WordPress 4.2.4 Security and Maintenance Release

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see: the release notes or consult the list of changes. * the release notes: https://codex.wordpress.org/Version_4.2.4 * the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2015-12750

This update has been submitted for testing by remi.

7 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/113602/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/113602/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 23 testing updates repository.

7 years ago

This update has been pushed to testing

7 years ago
User Icon cicku provided feedback 7 years ago
karma

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This update has been submitted for stable by remi.

7 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/114668/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/114669/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/114669/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 23 stable updates repository.

7 years ago

This update is currently being pushed to the Fedora 23 stable updates repository.

7 years ago

This update has been pushed to stable

7 years ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
modified
7 years ago
BZ#1250583 CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734 wordpress: cross-site scripting vulnerabilities and a potential SQL injection
0
0
BZ#1250584 CVE-2015-2213 wordpress: cross-site scripting vulnerabilities and a potential SQL injection [fedora-all]
0
0

Automated Test Results