DSA-2022-1 mediawiki -- severalID: oval:org.secpod.oval:def:600104 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in mediawiki, a web-based wiki engine. The following issues have been identified: Insufficient input sanitization in the CSS validation code allows editors to display external images in wiki pages. This can be a privacy concern on public wikis as it allows attackers to gather IP addresses and other information by linking these images to a web server under their control. Insufficient permission checks have been found in thump.php which can lead to disclosure of image files that are restricted to certain users . For the stable distribution , this problem has been fixed in version 1.12.0-2lenny4. For the testing distribution , this problem has been fixed in version 1:1.15.2-1. For the unstable distribution , this problem has been fixed in version 1:1.15.2-1.