[Bug 663414] New: news/lizards wordpress update
https://bugzilla.novell.com/show_bug.cgi?id=663414
https://bugzilla.novell.com/show_bug.cgi?id=663414#c0

Summary: news/lizards wordpress update
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Infrastructure
AssignedTo: mehle@novell.com
ReportedBy: hvogel@novell.com
QAContact: lrupp@novell.com
Found By: ---
Blocker: ---

There are several security updates for wordpress available. Can you please update them?

Thanks

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c1

Matthew Ehle <mehle@novell.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
Status  |NEW     |ASSIGNED

--- Comment #1 from Matthew Ehle <mehle@novell.com> 2011-01-11 15:03:34 UTC ---

It may take me some time to get to this, as there are a number of high priority requests in my queue right now.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c2

--- Comment #2 from Matthew Ehle <mehle@novell.com> 2011-01-18 17:27:34 UTC ---

I have made the upgrades on test. We will have to wait until after blackout to upgrade production.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c3

--- Comment #3 from Matthew Ehle <mehle@novell.com> 2011-01-18 17:34:13 UTC ---

Created DEPLOY_00001175 in Clarity for the WP 3.0.4 release. Production release is scheduled for February 14th (first business day after blackout).

https://bugzilla.novell.com/show_bug.cgi?id=663414#c4

Roman Drahtmueller <draht@novell.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |draht@novell.com, rjardine@novell.com
Severity|Major   |Critical

--- Comment #4 from Roman Drahtmueller <draht@novell.com> 2011-01-25 15:09:05 UTC ---

Hello Matthew,

the update that was proposed is not about an eye candy issue, an annoyance or a functional bug that the users can theoretically live with.

The said security vulnerability allows the attacker to add code to the server - resulting in remote access, and also in the addition to code that would be executed on the client side for secondary attacks. This is serious, and we get questions from our users why it isn't fixed (appended to the remark that they are on the server, basically).

This issue does not tolerate any further delay, and immediate action needs to be taken. Specifically before the background of the blackout period a defacement of the webpages is by far less than acceptable. This is infrastructure that needs to be relied on; it has started backfiring already.

Please also advise which additional security measures are in place for the affected servers (e.g. AppArmor profiles). There is no doubt that the network-facing services need such protection in light of the administrative procedures that do not apply top priority to security updates.

Thank you,
Roman.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c5

--- Comment #5 from Matthew Ehle <mehle@novell.com> 2011-01-25 15:45:03 UTC ---

Can you please advise on what security issues you are talking about? I had reviewed the changelog for the update, and all I see is that the current release allows the possibility of XSS injection. While this is certainly not a light issue, XSS generally does not affect the integrity of the web servers themselves. If there is something in this that I am missing, please let me know. While we take standard security measures with the web servers, a vulnerability that allows an Apache/PHP exploitation needs to be addressed.

I don't have much say in what I can do during Novell's blackout period. Generally, production changes are only allowed under extremely special circumstances and have to go through the approval of IS&T executives. If you could provide me as much information as you have, especially on issues that you have already seen, then we can look at starting those procedures.

Feel free to message me directly on this, as I will be able to respond more quickly.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c6

Robert Hodgkin <rhodgkin@novell.com> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |rhodgkin@novell.com

--- Comment #6 from Robert Hodgkin <rhodgkin@novell.com> 2011-01-25 20:25:27 UTC ---

Matt,

Let's look at moving this to production Feb 4 or 5, after quarter end, so there is less impact to closing the books. Please create a change control.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c7

--- Comment #7 from Matthew Ehle <mehle@novell.com> 2011-01-27 18:20:22 UTC ---

Very good, I will set up a change control to move this out on the 4th.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c8

--- Comment #8 from Matthew Ehle <mehle@novell.com> 2011-01-31 16:36:06 UTC ---

CRQ000000033148 is waiting approval to move to production on February 4th.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c9

Matthew Ehle <mehle@novell.com> changed:

What      |Removed  |Added
----------------------------------------------------------------------------
Status    |ASSIGNED |RESOLVED
Resolution|         |FIXED

--- Comment #9 from Matthew Ehle <mehle@novell.com> 2011-02-04 16:39:23 UTC ---

All blogs have been updated to the latest version.

https://bugzilla.novell.com/show_bug.cgi?id=663414#c

Matthew Ehle <mehle@novell.com> changed:

What    |Removed  |Added
----------------------------------------------------------------------------
Status  |RESOLVED |VERIFIED

https://bugzilla.novell.com/show_bug.cgi?id=663414#c

Matthew Ehle <mehle@novell.com> changed:

What    |Removed  |Added
----------------------------------------------------------------------------
Status  |VERIFIED |CLOSED

https://bugzilla.novell.com/show_bug.cgi?id=663414#c10

Christian Boltz <suse-beta@cboltz.de> changed:

What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |suse-beta@cboltz.de

--- Comment #10 from Christian Boltz <suse-beta@cboltz.de> 2011-02-08 18:41:52 CET ---

FYI: The next wordpress security update is available :-/ - I just filed bug 670349 for it...