Lucene search

Gentoo FoundationMGASA-2014-0506

HistoryDec 03, 2014 - 10:27 p.m.

Updated mediawiki packages fix security vulnerabilies

2014-12-0322:27:32

Gentoo Foundation

advisories.mageia.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.033

Percentile

91.5%

JSON

In MediaWiki before 1.23.7, a missing CSRF check could allow reflected XSS on wikis that allow raw HTML (CVE-2014-9276). MediaWiki’s mangling, in MediaWiki before 1.23.7, could allow an article editor to inject code into API consumers that blindly unserialize PHP representations of the page from the API (CVE-2014-9277). This update provides MediaWiki 1.23.7, which fixes these security issues and other bugs.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchmediawiki< 1.23.7-1mediawiki-1.23.7-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	mediawiki	< 1.23.7-1	mediawiki-1.23.7-1.mga4

References

openwall.com/lists/oss-security/2014/12/04/16

bugs.mageia.org/show_bug.cgi?id=14711

lists.wikimedia.org/pipermail/mediawiki-announce/2014-November/000170.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.033

Percentile

91.5%

JSON

Related for MGASA-2014-0506