
Gentoo update for mediawiki

ID: IRCAD2015023754
Release Date: 2015-02-10
Criticality level: Highly critical
Software:
Gentoo Linux
Description:
Gentoo has issued an update for mediawiki. This fixes two weaknesses, multiple security issues, and some vulnerabilities. These can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, conduct script insertion attacks, and bypass certain security restrictions, and by malicious people to disclose potentially sensitive information, conduct cross-site scripting and clickjacking attacks, bypass certain security restrictions, and compromise a vulnerable system.
1) Input passed via the "name" and "url" parameters to Listings.body.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Successful exploitation of this vulnerability requires the "Listings" extension to be enabled.
2) Input passed via the "title" and "extract" parameters to resources/ext.popups.renderer.article.js is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Successful exploitation of this vulnerability requires the "Hovercards" extension to be enabled.
Solution:
Update to "www-apps/mediawiki-1.19.23" or later, "www-apps/mediawiki-1.22.15" or later, or "www-apps/mediawiki-1.23.8" or later.
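A way to check installed package versions against the fixed releases listed above, as an added example that is not part of the advisory. It assumes the three versions are per-branch minimums, that branches after 1.23 carry the fixes, and that branches with no fixed release listed need a move to a fixed branch; the function names and sample input are hypothetical.

```python
import re

# Minimum fixed patch level per release branch, from the Solution section.
FIXED = {(1, 19): 23, (1, 22): 15, (1, 23): 8}
NEWEST_FIXED_BRANCH = max(FIXED)

# Accepts "1.22.14", "mediawiki-1.22.14" or "www-apps/mediawiki-1.22.14-r1".
_ATOM = re.compile(
    r"^(?:(?:www-apps/)?mediawiki-)?(\d+)\.(\d+)\.(\d+)(?:-r\d+)?$"
)


def parse_version(atom):
    """Return (major, minor, patch) from a version string or package atom."""
    m = _ATOM.match(atom.strip())
    if not m:
        # Refuse to guess on suffixes such as _rc1 or truncated versions.
        raise ValueError(f"unrecognised mediawiki version: {atom!r}")
    return tuple(int(part) for part in m.groups())


def status(atom):
    """Return "fixed" or "update" for one installed version."""
    major, minor, patch = parse_version(atom)
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "update"
    if branch > NEWEST_FIXED_BRANCH:
        # Assumption: branches released after 1.23 include the fixes.
        return "fixed"
    # Assumption: a branch with no fixed release listed (for example 1.20
    # or 1.21) has to be moved to one of the fixed branches.
    return "update"


def audit(atoms):
    """Map each installed atom to its status."""
    return {atom: status(atom) for atom in atoms}


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    installed = [
        "www-apps/mediawiki-1.19.22",
        "www-apps/mediawiki-1.22.15-r1",
        "www-apps/mediawiki-1.21.11",
        "www-apps/mediawiki-1.23.8",
    ]
    for atom, result in audit(installed).items():
        print(f"{atom}: {result}")
```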
References:
GLSA 201502-04:
MediaWiki:
Secunia:

Created: 1 Esfand 1393