Advisories ยป MGASA-2014-0540

Updated docuwiki package fixes CVE-2014-9253

Publication date: 19 Dec 2014
Modification date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9253

Description

Updated dokuwiki package fix a security vulnerability:

Our current dokuwiki-20140929-1.1.mga4 package uses dokuwiki-2014-09-29a source 
which allows swf (application/x-shockwave-flash) uploads by default. This may be 
used for Cross-site scripting (XSS) attack which enables attackers to inject 
client-side script into Web pages viewed by other users. (CVE-2014-9253).

This update uses dokuwiki-2014-09-29b hotfix source which disables swf uploads 
by default and fixes the issue.
                

References

SRPMS

4/core