[SECURITY-L] WordPress 4.4.2 Security and Maintenance Release
CSIRT Unicamp
security em unicamp.br
Qua Fev 3 08:35:20 -02 2016
WordPress 4.4.2 is now available. This is a security release for all
previous versions and we strongly encourage you to update your sites
*immediately*.
WordPress versions 4.4.1 and earlier are affected by two security
issues: a possible SSRF for certain local URIs, reported by Ronni
Skansing; and an open redirection attack, reported by Shailesh Suthar.
Thank you to both reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs
from 4.4 and 4.4.1. For more information, see the release notes or
consult the list of changes:
https://codex.wordpress.org/Version_4.4.2
https://core.trac.wordpress.org/query?milestone=4.4.2
Download WordPress 4.4.2 or venture over to Dashboard → Updates and
simply click “Update Now.” Sites that support automatic background
updates are already beginning to update to WordPress 4.4.2.
Refer:
https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
===
Computer Security Incident Response Team - CSIRT
Universidade Estadual de Campinas - Unicamp
Centro de Computacao - CCUEC
Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://www.listas.unicamp.br/pipermail/security-l/attachments/20160203/acdb4f62/attachment.html>
Mais detalhes sobre a lista de discussão SECURITY-L