SB2019030103 - Debian update for wordpress

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Security restrictions bypass (CVE-ID: CVE-2018-20147)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to unspecified flaw. A remote attacker can bypass security restrictions and alter meta data to delete files that he wasn't authorized to.

2) PHP object injection (CVE-ID: CVE-2018-20148)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to PHP object injection. A remote attacker can craft meta data in a way that resulted in PHP object injection and arbitrary code execution.

3) Cross-site scripting (CVE-ID: CVE-2018-20149)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker on Apache-hosted sites can upload specifically crafted files that bypass MIME verification, trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

4) Cross-site scripting (CVE-ID: CVE-2018-20150)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

5) Information disclosure (CVE-ID: CVE-2018-20151)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to the user activation screen can be indexed by search engines in some uncommon configurations. A remote attacker can access email addresses, and in some rare cases, default generated passwords.

6) Security restrictions bypass (CVE-ID: CVE-2018-20152)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to unspecified flaw. A remote attacker can bypass security restrictions and create posts of unauthorized post types with specially crafted input.

7) Stored cross-site scripting (CVE-ID: CVE-2018-20153)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can edit new comments from higher-privileged users, trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

8) Code injection (CVE-ID: CVE-2019-8942)

The vulnerability allows a remote attacker to execute PHP code on the target system.

The weakness exists due to an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. A remote attacker can upload a crafted image containing PHP code in the Exif metadata and execute arbitrary code.

Successful exploitation of the vulnerability allows to leverage SB2019022004.

Remediation

Install update from vendor's website.

References

• https://www.debian.org/security/2019/dsa-4401