| |||||||||||||||||||
Mageia alert MGASA-2013-0276 (mediawiki)
MGASA-2013-0276 - Updated mediawiki package fixes security vulnerabilities Publication date: 13 Sep 2013 URL: http://advisories.mageia.org/MGASA-2013-0276.html Type: security Affected Mageia releases: 2, 3 CVE: CVE-2013-4301, CVE-2013-4302, CVE-2013-4303 Description: Full path disclosure in MediaWiki before 1.20.7, when an invalid language is specified in ResourceLoader (CVE-2013-4301). Several API modules in MediaWiki before 1.20.7 allowed anti-CSRF tokens to be accessed via JSONP (CVE-2013-4302). An issue with the MediaWiki API in MediaWiki before 1.20.7 where an invalid property name could be used for XSS with older versions of Internet Explorer (CVE-2013-4303). References: - https://bugs.mageia.org/show_bug.cgi?id=11157 - http://lists.wikimedia.org/pipermail/mediawiki-announce/2... - https://www.mediawiki.org/wiki/Release_notes/1.20 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4301 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4302 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4303 SRPMS: - 3/core/mediawiki-1.20.7-1.mga3 - 2/core/mediawiki-1.20.7-1.mga2 (Log in to post comments)
|
|||||||||||||||||||