Advisories ยป MGASA-2014-0506

Updated mediawiki packages fix security vulnerabilies

Publication date: 03 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9276 , CVE-2014-9277


In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS
on wikis that allow raw HTML (CVE-2014-9276).

MediaWiki's  mangling, in MediaWiki before 1.23.7,
could allow an article editor to inject code into API consumers that blindly
unserialize PHP representations of the page from the API (CVE-2014-9277).

This update provides MediaWiki 1.23.7, which fixes these security issues and
other bugs.