Lucene search

3800 matches found

Tenable Nessus
added 2014/08/27 12:0 a.m., 35 views

Fedora 20 : mediawiki-1.23.2-1.fc20 (2014-9583)

This is a major update from the 1.21 branch to the 1.23 long term support branch. - bug 68187 SECURITY: Prepend jsonp callback with comment. - CVE-2014-5241 - bug 66608 SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in JavaScript, instead of relying on the U...

CVSS 6.8, AI score 8, EPSS 0.02074
Exploits: 3, References: 5

securityvulns
added 2014/08/26 12:0 a.m., 62 views

[SECURITY] [DSA 3011-1] mediawiki security update

Debian Security Advisory DSA-3011-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 23, 2014 http://www.debian.org/security/faq ...

CVSS 6.8, AI score 1.5, EPSS 0.01774
Exploits: 2

securityvulns
added 2014/08/26 12:0 a.m., 45 views

XSS and CSRF vulnerabilities in Zyxel P660RT2 EE

Hello 3APA3A! These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in Zyxel P660RT2 EE ADSL Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: Zyxel P660RT2 EE. ZyNOS Firmware Version: V3.40 AXN.1. This model with...

AI score 0.7
Exploits: 0

Tenable Nessus
added 2014/08/25 12:0 a.m., 30 views

Debian DSA-3011-1 : mediawiki - security update

It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, whi...

CVSS 6.8, AI score 8.3, EPSS 0.01774
Exploits: 2, References: 8

Debian
added 2014/08/23 3:27 p.m., 22 views

[SECURITY] [DSA 3011-1] mediawiki security update

Debian Security Advisory DSA-3011-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 23, 2014 http://www.debian.org/security/faq ...

CVSS 6.8, AI score 1.4, EPSS 0.01774
Exploits: 2

OpenVAS
added 2014/08/23 12:0 a.m., 29 views

Debian Security Advisory DSA 3011-1 (mediawiki - security update)

It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, whi...

CVSS 6.8, EPSS 0.01774
Exploits: 2, References: 1

OSV
added 2014/08/23 12:0 a.m., 26 views

DSA-3011-1 mediawiki - security update

Bulletin has no description...

CVSS 6.8, AI score 6.1, EPSS 0.01774
Exploits: 2

NVD
added 2014/08/22 5:55 p.m., 18 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVSS 4.3, AI score 6.3, EPSS 0.01774
Exploits: 1, References: 7

OSV
added 2014/08/22 5:55 p.m., 2 views

DEBIAN-CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVSS 4.3, AI score 8.8, EPSS 0.01774
Exploits: 1, References: 1

OSV
added 2014/08/22 5:55 p.m., 7 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

AI score 6.3
Exploits: 0, References: 8

UbuntuCve
added 2014/08/22 5:55 p.m., 31 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVSS 4.3, AI score 7.2, EPSS 0.01774
Exploits: 1, References: 2

Prion
added 2014/08/22 5:55 p.m., 19 views

Code injection

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVSS 4.3, AI score 6.8, EPSS 0.01774
Exploits: 1, References: 7, Affected Software: 1

CVE
added 2014/08/22 5:0 p.m., 63 views

CVE-2014-5243

CVE-2014-5243 affects MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2; the issue is a failure to enforce an IFRAME protection mechanism for transcluded pages, enabling clickjacking via a crafted site. Connected advisories confirm related fixes and cross-...

CVSS 4.3, AI score 5.9, EPSS 0.01774
Exploits: 1, References: 7, Affected Software: 1

Cvelist
added 2014/08/22 5:0 p.m., 25 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

AI score 6, EPSS 0.01774
Exploits: 1, References: 7

Debian CVE
added 2014/08/22 5:0 p.m., 32 views

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVSS 4.3, AI score 8.7, EPSS 0.01774
Exploits: 1

OpenVAS
added 2014/08/22 12:0 a.m., 25 views

Debian: Security Advisory (DSA-3011-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 7, EPSS 0.01774
Exploits: 2, References: 3

Tenable Nessus
added 2014/08/13 12:0 a.m., 35 views

MediaWiki < 1.19.18 / 1.22.9 / 1.23.2 Multiple Vulnerabilities

According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities: - A flaw exists due to comments not being prepended to the JSONP callbacks. This allows a remote attacker, using a specially crafted SWF file, to perform a cross-si...

CVSS 6.8, AI score 8.4, EPSS 0.02074
Exploits: 3, References: 9

Tenable Nessus
added 2014/08/07 12:0 a.m., 14 views

Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:153)

Updated mediawiki packages fix security vulnerabilities: MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash, XSS in mediawiki.page.image.pagination.js, and clickjacking between OutputPage and ParserOutput. This update provides MediaWiki 1.23.2, fixing these and other issues...

AI score 5.5
Exploits: 0, References: 1

OSV
added 2014/08/05 8:8 p.m., 6 views

MGASA-2014-0309 Updated mediawiki packages fix security vulnerabilities

MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash (CVE-2014-5241), XSS in mediawiki.page.image.pagination.js (CVE-2014-5242), and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). This update provides MediaWiki 1.23.2, fixing these and other issues...

CVSS 6.8, AI score 5.7, EPSS 0.02074
Exploits: 3, References: 4

Mageia
added 2014/08/05 8:8 p.m., 36 views

Updated mediawiki packages fix security vulnerabilities

MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash (CVE-2014-5241), XSS in mediawiki.page.image.pagination.js (CVE-2014-5242), and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). This update provides MediaWiki 1.23.2, fixing these and other issues...

CVSS 6.8, AI score 9.1, EPSS 0.02074
Exploits: 3, References: 3