Nom du paquet
dokuwiki
Date
2013-04-08
Advisory ID
MDVSA-2013:073
Affected versions
MBS1 x86_64

Problem description

Updated dokuwiki package fixes security vulnerabilities:

DokuWiki 2009-12-25c allows remote attackers to obtain sensitive
information via a direct request to a .php file, which reveals
the installation path in an error message, as demonstrated by
lib/tpl/index.php and certain other files (CVE-2011-3727).

A full path disclosure flaw was found in the way DokuWiki, a
standards compliant, simple to use Wiki, performed sanitization of
HTTP POST 'prefix' input value prior passing it to underlying PHP
substr() routine, when the PHP error level has been enabled on the
particular server. A remote attacker could use this flaw to obtain
full path location of particular requested DokuWiki page by issuing
a specially-crafted HTTP POST request (CVE-2012-3354).

Updated packages

MBS1 x86_64

 d326e3a303e6c4707bf72baf7380e959  mbs1/x86_64/dokuwiki-20121013-1.mbs1.noarch.rpm 
 1ad8ca0e4ecd2c6fc344a918c86d60fa  mbs1/SRPMS/dokuwiki-20121013-1.mbs1.src.rpm

References