It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243 ). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.
[SECURITY] [DSA 3011-1] mediawiki security update
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Debian Security Advisory DSA 3011-1 (mediawiki - security update)
Fedora Update for mediawiki FEDORA-2014-9548
Fedora Update for mediawiki FEDORA-2014-9583
Gentoo Security Advisory GLSA 201502-04
mediawiki - security update