Mageia Advisory: MGASA-2015-0093 - Updated dokuwiki packages fix CVE-2015-2172

Updated dokuwiki packages fix CVE-2015-2172

Publication date: 05 Mar 2015
Modification date: 05 Mar 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2172

Description

Updated dokuwiki package fixes security vulnerability:

DokuWiki before 20140929c has a security issue in the ACL plugins remote API
component. The plugin failed to check for superuser permissions before
executing ACL addition or deletion. This means everybody with permissions to
call the XMLRPC API also had permissions to set up their own ACL rules and thus
circumventing any existing rules (CVE-2015-2172).

References

https://bugs.mageia.org/show_bug.cgi?id=15402
https://github.com/splitbrain/dokuwiki/issues/1056
https://www.dokuwiki.org/changes#release_2014-09-29c_hrun
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2172

SRPMS

4/core

dokuwiki-20140929-1.3.mga4

Advisories » MGASA-2015-0093

Updated dokuwiki packages fix CVE-2015-2172

Description

References

SRPMS

4/core