[Frugalware-security] [ FSA-285 ] mediawiki
voroskoi
noreply at frugalware.org
Thu Oct 4 11:29:43 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-285
Date: 2007-10-04
Package: mediawiki
Vulnerable versions: <= 1.9.3-1
Unaffected versions: >= 1.9.4-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2412
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4828
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4883
Description
===========
A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to unspecified parameters in the API pretty-printing mode is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Successful exploitation requires that the API interface is enabled.
Updated Packages
================
Check if you have mediawiki installed:
# pacman-g2 -Q mediawiki
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy mediawiki
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iD8DBQFHBLKHZ7NElSD1VhkRAvPoAJ9+PTWwkQsBoFIqkUAX+DJWO+FIPwCfaA89
gcvjhjZbk4A7UZ/V++BJ/K4=
=rG+k
-----END PGP SIGNATURE-----
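
The flaw class named in the Description, shown as an added example that is not part of the advisory and is not MediaWiki's code: a pretty-printing API mode serves the serialised result inside an HTML page, so any request value reflected in that result has to be HTML-escaped at the point of output. The function names, the `example_param` parameter and the sample value are hypothetical and constructed for illustration.

```php
<?php
// Added illustration only; NOT MediaWiki source. All names are hypothetical.

// Build an API result that reflects a request value, as an API commonly
// does when it reports an unrecognised parameter value back to the caller.
function buildResult(array $params): array {
    $value = isset($params['example_param']) ? (string)$params['example_param'] : '';
    return ['error' => ['code' => 'unknown_value',
                        'info' => "Unrecognised value: $value"]];
}

// Flawed pretty-printer: the serialised result is embedded in a text/html
// response as-is, so markup inside a reflected value is parsed by the browser.
function prettyPrintUnsafe(array $result): string {
    $json = json_encode($result);   // JSON encoding does not neutralise '<' or '&'
    return "<html><body><pre>" . $json . "</pre></body></html>";
}

// Hardened pretty-printer: escape the whole serialised text for the HTML
// context before embedding it, whatever the result happens to contain.
function prettyPrintSafe(array $result): string {
    $json = json_encode($result);
    $escaped = htmlspecialchars($json, ENT_QUOTES, 'UTF-8');
    return "<html><body><pre>" . $escaped . "</pre></body></html>";
}

// Constructed sample request carrying harmless markup.
$params = ['example_param' => '<i>x</i>'];
$result = buildResult($params);

// The unsafe page contains a literal <i> tag; the safe page contains &lt;i&gt;.
echo prettyPrintUnsafe($result), "\n";
echo prettyPrintSafe($result), "\n";
```

Escaping at output, rather than filtering individual parameters on input, covers every value that can reach the pretty-printed page.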