Date: Sun, 15 Nov 2009 10:43:23 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Wordpress 2.8.6


On Sun, 15 Nov 2009, Alex Legler wrote:

: Wordpress released an update, fixing 2 issues:
: 
: "2.8.6 fixes two security problems that can be exploited by registered, 
: logged in users who have posting privileges.  If you have untrusted 
: authors on your blog, upgrading to 2.8.6 is recommended.
: 
: The first problem is an XSS vulnerability in Press This discovered by 
: Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is 
: an issue with sanitizing uploaded file names that can be exploited in 
: certain Apache configurations. Thanks to Benjamin and Dawid for finding 
: and reporting these."
: 
: from
: http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/
: 
: I believe these are the matching tickets:
: Issue 1: http://core.trac.wordpress.org/ticket/11119
: Issue 2: http://core.trac.wordpress.org/ticket/11122

OSVDB   Disclosure   Title

59958   2009-11-12   WordPress /wp-includes/functions.php wp_check_filetype() Function File Upload Arbitrary Code Execution

59959   2009-11-12   WordPress press-this.php Unspecified XSS
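An added illustration of the file-name sanitizing class of bug behind OSVDB 59958; this is not WordPress code and is written in Python rather than PHP. The allow-list is constructed for the example, and the reading of "certain Apache configurations" as a server that honours every extension in a multi-extension name (mod_mime style) is an assumption of the example, not something the thread states. It shows a last-extension-only check beside a sanitizer that neutralises intermediate extensions before that check runs.

```python
import re

# Constructed allow-list of upload extensions for this example (assumption,
# not the project's list).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}


def last_extension_ok(filename: str) -> bool:
    """Check only the final extension. On a server that maps *any* extension
    in the name to a handler, 'avatar.php.jpg' passes this check yet may still
    be executed, which is the gap the sanitizer below closes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in ALLOWED_EXTENSIONS


def sanitize_file_name(filename: str) -> str:
    """Strip path and control characters, then append '_' to every
    intermediate extension-like part that is not allow-listed, so the server
    no longer recognises it as an extension (e.g. 'avatar.php_.jpg')."""
    name = re.sub(r"[\\/\x00-\x1f]", "", filename).strip(". ")
    parts = name.split(".")
    if len(parts) <= 2:            # no intermediate extensions to munge
        return name
    base, final_ext = parts[0], parts[-1]
    out = base
    for part in parts[1:-1]:
        out += "." + part
        # 2-5 letters plus an optional digit looks like an extension
        looks_like_ext = re.fullmatch(r"[A-Za-z]{2,5}\d?", part) is not None
        if looks_like_ext and part.lower() not in ALLOWED_EXTENSIONS:
            out += "_"
    return out + "." + final_ext


def accept_upload(filename: str) -> tuple:
    """Sanitize first, then require an allow-listed final extension.
    Returns (accepted, name_to_store)."""
    safe = sanitize_file_name(filename)
    return last_extension_ok(safe), safe
```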
