Advisories » MGASA-2014-0506

Updated mediawiki packages fix security vulnerabilities

Publication date: 03 Dec 2014
Modification date: 04 Dec 2014
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-9276, CVE-2014-9277

Description

In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS
on wikis that allow raw HTML (CVE-2014-9276).

MediaWiki's  mangling, in MediaWiki before 1.23.7,
could allow an article editor to inject code into API consumers that blindly
unserialize PHP representations of the page from the API (CVE-2014-9277).
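
One way for an API consumer to avoid the blind unserialize described for CVE-2014-9277, shown as an added example (not MediaWiki or Mageia code). It assumes PHP 7.3 or later; the function names decodeApiResponse and assertNoObjects and the sample payloads are hypothetical and constructed for illustration.

```php
<?php
// Added example, not MediaWiki or Mageia code. Assumes PHP >= 7.3.
declare(strict_types=1);

// Reject any value that contains an object at any depth.
function assertNoObjects($value): void
{
    if (is_object($value)) {
        throw new UnexpectedValueException('object found in API response');
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            assertNoObjects($item);
        }
    }
}

// Decode an API response body; $format is what the consumer requested.
function decodeApiResponse(string $body, string $format): array
{
    if ($format === 'json') {
        // Preferred: JSON decoding never instantiates PHP classes.
        $data = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
    } elseif ($format === 'php') {
        // allowed_classes => false turns every serialized object into
        // __PHP_Incomplete_Class, so no class code runs during decoding.
        $data = unserialize($body, ['allowed_classes' => false]);
    } else {
        throw new InvalidArgumentException("unsupported format: $format");
    }
    if (!is_array($data)) {
        throw new UnexpectedValueException('response is not an array');
    }
    assertNoObjects($data); // plain arrays and scalars only
    return $data;
}

// Constructed sample bodies (hypothetical): one plain, one carrying an object.
$samples = [
    'a:1:{s:5:"parse";a:1:{s:5:"title";s:9:"Main Page";}}',
    'a:1:{s:5:"parse";O:8:"stdClass":0:{}}',
];
foreach ($samples as $body) {
    try {
        $data = decodeApiResponse($body, 'php');
        echo 'accepted: ', json_encode($data), PHP_EOL;
    } catch (UnexpectedValueException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Requesting the JSON format from the API removes the need for unserialize altogether; the php branch is for consumers that cannot switch yet.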

This update provides MediaWiki 1.23.7, which fixes these security issues and
other bugs.
                

References

SRPMS

4/core