Updated mediawiki packages fix security vulnerabilities

2014-08-0600:08:48

Gentoo Foundation

advisories.mageia.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%

JSON

MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash (CVE-2014-5241), XSS in mediawiki.page.image.pagination.js (CVE-2014-5242), and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). This update provides MediaWiki 1.23.2, fixing these and other issues.

OSVersionArchitecturePackageVersionFilename
Mageia3noarchmediawiki< 1.23.2-1mediawiki-1.23.2-1.mga3
Mageia4noarchmediawiki< 1.23.2-1mediawiki-1.23.2-1.mga4