Nome do pacote
mediawiki
Data
2014-06-10
ID Alerta
MDVSA-2014:119
Versões afetadas
MBS1 x86_64

Descrição do problema

Updated mediawiki packages fix security vulnerability:

XSS vulnerability in MediaWiki before 1.22.7, due to usernames on
Special:PasswordReset being parsed as wikitext. The username on
Special:PasswordReset can be supplied by anyone and will be parsed
with wgRawHtml enabled. Since Special:PasswordReset is whitelisted
by default on private wikis, this could potentially lead to an XSS
crossing a privilege boundary (CVE-2014-3966).

Pacotes atualizados

MBS1 x86_64

 ff6c87c0ca4184be601a11c11487b5a6  mbs1/x86_64/mediawiki-1.22.7-1.mbs1.noarch.rpm
 64e807f5fa514e1149b4bdf51433efb6  mbs1/x86_64/mediawiki-mysql-1.22.7-1.mbs1.noarch.rpm
 891e200fedb9c4eba765c824b2320346  mbs1/x86_64/mediawiki-pgsql-1.22.7-1.mbs1.noarch.rpm
 d80771e17bd538455da34534b3da2e28  mbs1/x86_64/mediawiki-sqlite-1.22.7-1.mbs1.noarch.rpm 
 92c5c9e169e42307b700f97de6f23309  mbs1/SRPMS/mediawiki-1.22.7-1.mbs1.src.rpm

Referências