Advisories » MGASA-2014-0197

Updated mediawiki packages fix security vulnerability

Publication date: 28 Apr 2014
Modification date: 08 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2853

Description

Updated mediawiki packages fix security vulnerability:

XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key
is set to a string containing a script, the script will be executed when the
page is viewed using the info action (CVE-2014-2853).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13272
• https://bugzilla.wikimedia.org/show_bug.cgi?id=63251
• http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2853

SRPMS

3/core

• mediawiki-1.22.6-1.mga3

4/core

• mediawiki-1.22.6-1.mga4