Updated mediawiki packages fix security vulnerabilities
Publication date: 26 Dec 2014Modification date: 26 Dec 2014
Type: security
Affected Mageia releases : 4
Description
Updated mediawiki packages fix security vulnerabilities:
In MediaWiki before 1.23.8, thumb.php outputs wikitext message as raw HTML,
which could lead to cross-site scripting. Permission to edit MediaWiki
namespace is required to exploit this.
In MediaWiki before 1.23.8, a malicious site can bypass CORS restrictions in
$wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
part of its name.
References
SRPMS
4/core
- mediawiki-1.23.8-1.mga4