[Frugalware-security] [ FSA-285 ] mediawiki

voroskoi noreply at frugalware.org
Thu Oct 4 11:29:43 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-285

Date: 2007-10-04
Package: mediawiki
Vulnerable versions: <= 1.9.3-1
Unaffected versions: >= 1.9.4-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2412
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4828
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4883

Description
===========

A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to unspecified parameters in the API pretty-printing mode is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Successful exploitation requires that the API interface is enabled.

Updated Packages
================

Check if you have mediawiki installed:

	# pacman-g2 -Q mediawiki

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy mediawiki

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBLKHZ7NElSD1VhkRAvPoAJ9+PTWwkQsBoFIqkUAX+DJWO+FIPwCfaA89
gcvjhjZbk4A7UZ/V++BJ/K4=
=rG+k
-----END PGP SIGNATURE-----

