Advisories ยป MGASA-2014-0157

Updated mediawiki packages fix CVE-2014-2665

Publication date: 03 Apr 2014
Modification date: 03 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2665

Description

Updated mediawiki packages fix security vulnerability:

Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby
a user can be logged into an attackers account without being aware of it,
allowing the attacker to track the user's activity (CVE-2014-2665).

MediaWiki has been updated to version 1.22.5, fixing this and other issues.
                

References

SRPMS

4/core

3/core