Lucene search

K
mageiaGentoo FoundationMGASA-2014-0254
HistoryJun 06, 2014 - 2:27 p.m.

Updated wordpress package fixes multiple vulnerabilities

2014-06-0614:27:48
Gentoo Foundation
advisories.mageia.org
26

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.014

Percentile

86.4%

Updated wordpress package fixes security vulnerabilities: WordPress before 3.7.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php (CVE-2014-0165). The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie (CVE-2014-0166). The wordpress package has been updated to version 3.9.1, fixing these and other issues.

OSVersionArchitecturePackageVersionFilename
Mageia3noarchwordpress< 3.9.1-1wordpress-3.9.1-1.mga3
Mageia4noarchwordpress< 3.9.1-1wordpress-3.9.1-1.mga4

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.014

Percentile

86.4%