#2527 Outage - blogs.fedoraproject.org
Closed: Fixed None Opened 10 years ago by ricky.

= phenomenon =
blogs.fedoraproject.org has currently been preemptively taken down due to known security issues in our current version of wordpress.

= recommendation =
Update wordpress-mu or find a hotfix for this and any other known issues.

The bug in question is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603 (blog authors can perform SQL injection).

I've filed bugzilla bugs https://bugzilla.redhat.com/show_bug.cgi?id=664873 and https://bugzilla.redhat.com/show_bug.cgi?id=664886 to the wordpress-mu and wordpress packages.

This outage is now over, the db logs confirm that apart from our testing, the vulnerabilities were never exploited on our instance.

Login to comment on this ticket.