Fedora 27 : wordpress (2018-d48955723f)

2018-04-16T00:00:00
ID FEDORA_2018-D48955723F.NASL
Type nessus
Reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2018-04-16T00:00:00

Description

WordPress 4.9.5 Security and Maintenance Release

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5 :

  • Don't treat localhost as same host by default.

  • Use safe redirects when redirecting the login page if SSL is forced.

  • Make sure the version string is correctly escaped for use in generator tags.

Thank you to the reporters of these issues for practicing coordinated security disclosure: xknown of the WordPress Security Team, Nitin Venkatesh (nitstorm), and Garth Mortensen of the WordPress Security Team.

Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were :

  • The previous styles on caption shortcodes have been restored.

  • Cropping on touch screen devices is now supported.

  • A variety of strings such as error messages have been updated for better clarity.

  • The position of an attachment placeholder during uploads has been fixed.

  • Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.

  • Improved compatibility with PHP 7.2.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2018-d48955723f.
#

include("compat.inc");

if (description)
{
  script_id(109049);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_xref(name:"FEDORA", value:"2018-d48955723f");

  script_name(english:"Fedora 27 : wordpress (2018-d48955723f)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"**WordPress 4.9.5 Security and Maintenance Release**

WordPress 4.9.5 is now available. This is a security and maintenance
release for all versions since WordPress 3.7. We strongly encourage
you to update your sites immediately.

WordPress versions 4.9.4 and earlier are affected by three security
issues. As part of the core team's ongoing commitment to security
hardening, the following fixes have been implemented in 4.9.5 :

  - Don't treat localhost as same host by default.

  - Use safe redirects when redirecting the login page if
    SSL is forced.

  - Make sure the version string is correctly escaped for
    use in generator tags.

Thank you to the reporters of these issues for practicing
[coordinated security
disclosure](https://make.wordpress.org/core/handbook/testing/reporting
-security-vulnerabilities/):
[xknown](https://profiles.wordpress.org/xknown) of the WordPress
Security Team, [Nitin Venkatesh
(nitstorm)](https://hackerone.com/nitstorm), and [Garth
Mortensen](https://twitter.com/voldemortensen) of the WordPress
Security Team.

Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of
note were :

  - The previous styles on caption shortcodes have been
    restored.

  - Cropping on touch screen devices is now supported.

  - A variety of strings such as error messages have been
    updated for better clarity.

  - The position of an attachment placeholder during uploads
    has been fixed.

  - Custom nonce functionality in the REST API JavaScript
    client has been made consistent throughout the code
    base.

  - Improved compatibility with PHP 7.2.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d48955723f"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://hackerone.com/nitstorm"
  );
  # https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?60126fdc"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://profiles.wordpress.org/xknown"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://twitter.com/voldemortensen"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected wordpress package."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:wordpress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/16");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC27", reference:"wordpress-4.9.5-1.fc27")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wordpress");
}