Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0493)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0493

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0493)

Zusammenfassung: The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0493 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0493 advisory.

Vulnerability Insight:
XSS in wptexturize() via comments or posts, exploitable for unauthenticated users (CVE-2014-9031).

XSS in media playlists (CVE-2014-9032).

CSRF in the password reset process (CVE-2014-9033).

Denial of service for giant passwords. The phpass library by Solar Designer
was used in both projects without setting a maximum password length, which
can lead to CPU exhaustion upon hashing (CVE-2014-9034).

XSS in Press This (CVE-2014-9035).

XSS in HTML filtering of CSS in posts (CVE-2014-9036).

Hash comparison vulnerability in old-style MD5-stored passwords
(CVE-2014-9037).

SSRF: Safe HTTP requests did not sufficiently block the loopback IP address
space (CVE-2014-9038).

Previously an email address change would not invalidate a previous password
reset email (CVE-2014-9039).

Affected Software/OS:
'wordpress' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-9031
BugTraq ID: 71237
http://www.securityfocus.com/bid/71237
Debian Security Information: DSA-3085 (Google Search)
http://www.debian.org/security/2014/dsa-3085
http://seclists.org/fulldisclosure/2014/Nov/62
http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
http://klikki.fi/adv/wordpress.html
http://openwall.com/lists/oss-security/2014/11/25/12
http://www.securitytracker.com/id/1031243
Common Vulnerability Exposure (CVE) ID: CVE-2014-9032
BugTraq ID: 71236
http://www.securityfocus.com/bid/71236
Common Vulnerability Exposure (CVE) ID: CVE-2014-9033
Common Vulnerability Exposure (CVE) ID: CVE-2014-9034
Common Vulnerability Exposure (CVE) ID: CVE-2014-9035
Common Vulnerability Exposure (CVE) ID: CVE-2014-9036
Common Vulnerability Exposure (CVE) ID: CVE-2014-9037
Common Vulnerability Exposure (CVE) ID: CVE-2014-9038
Common Vulnerability Exposure (CVE) ID: CVE-2014-9039

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0493
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0493)
Zusammenfassung:	The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0493 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'wordpress' package(s) announced via the MGASA-2014-0493 advisory. Vulnerability Insight: XSS in wptexturize() via comments or posts, exploitable for unauthenticated users (CVE-2014-9031). XSS in media playlists (CVE-2014-9032). CSRF in the password reset process (CVE-2014-9033). Denial of service for giant passwords. The phpass library by Solar Designer was used in both projects without setting a maximum password length, which can lead to CPU exhaustion upon hashing (CVE-2014-9034). XSS in Press This (CVE-2014-9035). XSS in HTML filtering of CSS in posts (CVE-2014-9036). Hash comparison vulnerability in old-style MD5-stored passwords (CVE-2014-9037). SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space (CVE-2014-9038). Previously an email address change would not invalidate a previous password reset email (CVE-2014-9039). Affected Software/OS: 'wordpress' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9031 BugTraq ID: 71237 http://www.securityfocus.com/bid/71237 Debian Security Information: DSA-3085 (Google Search) http://www.debian.org/security/2014/dsa-3085 http://seclists.org/fulldisclosure/2014/Nov/62 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://klikki.fi/adv/wordpress.html http://openwall.com/lists/oss-security/2014/11/25/12 http://www.securitytracker.com/id/1031243 Common Vulnerability Exposure (CVE) ID: CVE-2014-9032 BugTraq ID: 71236 http://www.securityfocus.com/bid/71236 Common Vulnerability Exposure (CVE) ID: CVE-2014-9033 Common Vulnerability Exposure (CVE) ID: CVE-2014-9034 Common Vulnerability Exposure (CVE) ID: CVE-2014-9035 Common Vulnerability Exposure (CVE) ID: CVE-2014-9036 Common Vulnerability Exposure (CVE) ID: CVE-2014-9037 Common Vulnerability Exposure (CVE) ID: CVE-2014-9038 Common Vulnerability Exposure (CVE) ID: CVE-2014-9039
Copyright	Copyright (C) 2022 Greenbone AG