DSA-2891-3 mediawiki, mediawiki-extensions -- mediawiki, mediawiki-extensionsID: oval:org.secpod.oval:def:601251 | Date: (C)2014-07-21 (M)2022-10-10 |
Class: PATCH | Family: unix |
The Mediawiki update issued as DSA 2891-1 caused regressions. This update fixes those problems. For reference the original advisory text follows. Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project describers the followin issues: CVE-2013-2031 Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file. CVE-2013-4567 & CVE-2013-4568 Kevin Israel reported two ways to inject Javascript due to an incomplete blacklist in the CSS sanitizer function. CVE-2013-4572 MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user"s session cookies to be cached, and returned to other users. CVE-2013-6452 Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include JavaScript. CVE-2013-6453 MediaWiki"s SVG sanitization could be bypassed when the XML was considered invalid. CVE-2013-6454 MediaWiki"s CSS sanitization did not filter -o-link attributes, which could be used to execute JavaScript in Opera 12. CVE-2013-6472 MediaWiki displayed some information about deleted pages in the log API, enhanced RecentChanges, and user watchlists. CVE-2014-1610 A remote code execution vulnerability existed if file upload support for DjVu or PDF files was enabled. Neither file type is enabled by default in MediaWiki. CVE-2014-2665 Cross site request forgery in login form: an attacker could login a victim as the attacker.
Product: |
mediawiki |
mediawiki-extensions |