Advisories ยป MGASA-2014-0309

Updated mediawiki packages fix security vulnerabilities

Publication date: 05 Aug 2014
Modification date: 14 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-5241 , CVE-2014-5242 , CVE-2014-5243

Description

MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash
(CVE-2014-5241), XSS in mediawiki.page.image.pagination.js (CVE-2014-5242),
and clickjacking between OutputPage and ParserOutput (CVE-2014-5243).

This update provides MediaWiki 1.23.2, fixing these and other issues.
                

References

SRPMS

3/core

4/core