Updated mediawiki packages fix security vulnerabilities
Publication date: 05 Aug 2014Modification date: 14 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-5241 , CVE-2014-5242 , CVE-2014-5243
Description
MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash
(CVE-2014-5241), XSS in mediawiki.page.image.pagination.js (CVE-2014-5242),
and clickjacking between OutputPage and ParserOutput (CVE-2014-5243).
This update provides MediaWiki 1.23.2, fixing these and other issues.
References
- https://bugs.mageia.org/show_bug.cgi?id=13833
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-July/000157.html
- http://openwall.com/lists/oss-security/2014/08/14/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5241
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5242
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5243
SRPMS
3/core
- mediawiki-1.23.2-1.mga3
4/core
- mediawiki-1.23.2-1.mga4