Ticket #2527 (closed outage: fixed)

Opened 3 years ago

Last modified 3 years ago

Outage - blogs.fedoraproject.org

Reported by: ricky
Owned by: webmaster
Priority: major
Milestone: Fedora 15
Component: Web Content
Version:
Severity: Normal
Keywords:
Cc:
Blocked By:
Blocking:
Sensitive:

Description

phenomenon

blogs.fedoraproject.org has currently been preemptively taken down due to known security issues in our current version of WordPress.

recommendation

Update wordpress-mu or find a hotfix for this and any other known issues.

Change History

comment:1 Changed 3 years ago by ricky

The bug in question is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603 (blog authors can perform SQL injection).

I've filed bugzilla bugs https://bugzilla.redhat.com/show_bug.cgi?id=664873 and https://bugzilla.redhat.com/show_bug.cgi?id=664886 to the wordpress-mu and wordpress packages.

comment:2 Changed 3 years ago by ricky

  • Status changed from new to closed
  • Resolution set to fixed

This outage is now over; the db logs confirm that, apart from our testing, the vulnerabilities were never exploited on our instance.
