Nome do pacote
mediawiki
Data
2013-12-17
ID Alerta
MDVSA-2013:290
Versões afetadas
MBS1 x86_64

Descrição do problema

Updated mediawiki packages fix security vulnerabilities:

Kevin Israel (Wikipedia user PleaseStand) identified and reported
two vectors for injecting Javascript in CSS that bypassed MediaWiki's
blacklist (CVE-2013-4567, CVE-2013-4568).

Internal review while debugging a site issue discovered that MediaWiki
and the CentralNotice extension were incorrectly setting cache headers
when a user was autocreated, causing the user's session cookies to
be cached, and returned to other users (CVE-2013-4572).

Pacotes atualizados

MBS1 x86_64

 16978836b471c8c96de15bd2951f6973  mbs1/x86_64/mediawiki-1.20.8-1.mbs1.noarch.rpm
 b310f836d33a13eafc9c2bf5d4f125bd  mbs1/x86_64/mediawiki-mysql-1.20.8-1.mbs1.noarch.rpm
 039a7f1f78ab63f341ad33fab533aae5  mbs1/x86_64/mediawiki-pgsql-1.20.8-1.mbs1.noarch.rpm
 4bd73f5b354eed12f9a4235063f61898  mbs1/x86_64/mediawiki-sqlite-1.20.8-1.mbs1.noarch.rpm 
 cc772a7609220723cfdb3a355edb1356  mbs1/SRPMS/mediawiki-1.20.8-1.mbs1.src.rpm

Referências