Updated mediawiki packages fix CVE-2014-2665
Publication date: 03 Apr 2014Modification date: 03 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2665
Description
Updated mediawiki packages fix security vulnerability:
Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby
a user can be logged into an attackers account without being aware of it,
allowing the attacker to track the user's activity (CVE-2014-2665).
MediaWiki has been updated to version 1.22.5, fixing this and other issues.
References
SRPMS
4/core
- mediawiki-1.22.5-1.mga4
3/core
- mediawiki-1.22.5-1.mga3