WordPress 2.6.3 security vulnerability patched

Gaahh. I always love reading this kind of thing first thing in the morning …

A vulnerability in the Snoopy library was announced today.  WordPress uses Snoopy to fetch the feeds shown in the Dashboard.   Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.  2.6.3 is available for download right now.  If you don’t want to download the whole release to get the security fix, you can download the following two files and copy them over your 2.6.2 installation.

  1. wp-includes/class-snoopy.php
  2. wp-includes/version.php

Secunia itself rates the vulnerability as “critical” …

Secunia Advisory: SA32361

Critical: Highly critical

Description:
A vulnerability has been discovered in Snoopy, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "_httpsrequest()" function isn’t properly sanitised before being used in an "exec()" call. This can be exploited to inject arbitrary shell commands via a script calling the "fetch()" or "submit()" function with an URL controlled by the attacker.
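
The pattern the advisory describes, shown as an added PHP example (not Snoopy's or WordPress's code): a URL concatenated into a command string, next to a validated URL passed through escapeshellarg(). The function names and sample URLs are constructed for illustration, and nothing is executed.

```php
<?php
// Added illustration, not Snoopy's source. Function names are hypothetical.

// Unsafe pattern: the URL is concatenated into a shell command line.
// Double quotes do not stop the shell expanding $(...) or backticks, and a
// quote character inside the URL ends the quoting early.
function build_command_unsafe(string $curlPath, string $url): string
{
    return $curlPath . ' -s "' . $url . '"';
}

// Hardened pattern: validate first, then pass the URL as one escaped argument.
function build_command_safe(string $curlPath, string $url): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('URL needs a scheme and a host');
    }
    if (strtolower($parts['scheme']) !== 'https') {
        throw new InvalidArgumentException('only https URLs are accepted');
    }
    if (preg_match('/[\s\x00-\x1f\x7f]/', $url)) {
        throw new InvalidArgumentException('whitespace or control character in URL');
    }
    // escapeshellarg() single-quotes the value, so the shell treats it as data.
    return escapeshellarg($curlPath) . ' -s ' . escapeshellarg($url);
}

// Constructed sample inputs. Nothing is executed; the commands are only printed.
$samples = [
    'https://example.org/feed.xml',
    'https://example.org/feed?x=$(id)',
    'https://example.org/" ; id ; "',
    'file:///etc/hostname',
];
foreach ($samples as $url) {
    echo "input:  $url\n";
    echo 'unsafe: ' . build_command_unsafe('curl', $url) . "\n";
    try {
        echo 'safe:   ' . build_command_safe('curl', $url) . "\n\n";
    } catch (InvalidArgumentException $e) {
        echo 'safe:   rejected (' . $e->getMessage() . ")\n\n";
    }
}
```

Where the PHP version allows it, passing the command to proc_open() as an array avoids the shell altogether, so no quoting is involved.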

Oh well – update done. Copying the two files over was no big deal either.
