|
|
Log in / Subscribe / Register

Mageia alert MGASA-2015-0093 (dokuwiki)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0093: Updated dokuwiki packages fix CVE-2015-2172 


Date:
    	      Thu, 5 Mar 2015 20:34:39 +0100


Message-ID:
    	      <20150305193439.612234062D@valstar.mageia.org>


MGASA-2015-0093 - Updated dokuwiki packages fix CVE-2015-2172

Publication date: 05 Mar 2015
URL: http://advisories.mageia.org/MGASA-2015-0093.html

Type: security
Affected Mageia releases: 4
CVE: CVE-2015-2172

Description:
Updated dokuwiki package fixes security vulnerability:

DokuWiki before 20140929c has a security issue in the ACL plugins remote API
component. The plugin failed to check for superuser permissions before
executing ACL addition or deletion. This means everybody with permissions to
call the XMLRPC API also had permissions to set up their own ACL rules and thus
circumventing any existing rules (CVE-2015-2172).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15402

- https://github.com/splitbrain/dokuwiki/issues/1056

- https://www.dokuwiki.org/changes#release_2014-09-29c_hrun

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2172


SRPMS:
- 4/core/dokuwiki-20140929-1.3.mga4
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds