drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in MediaWiki
Name: |
Mehrere Probleme in MediaWiki |
|
ID: |
FEDORA-2013-5874 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Do, 25. April 2013, 21:57 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
MediaWiki |
|
Originalnachricht |
Name : mediawiki Product : Fedora 19 Version : 1.20.4 Release : 1.fc19 URL : http://www.mediawiki.org/ Summary : A wiki engine Description : MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers
This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki-1.20.4/README.RPM. Remember to remove the config dir after completing the configuration.
------------------------------------------------------------------------------- - Update Information:
* An internal review discovered that specially crafted Lua function
names could lead to XSS.
https://bugzilla.wikimedia.org/show_bug.cgi?id=46084
* Daniel Franke reported that during SVG parsing, MediaWiki failed to
prevent XML external entity (XXE) processing. This could lead to local
file disclosure, or potentially remote command execution in
environments that have enabled expect:// handling.
https://bugzilla.wikimedia.org/show_bug.cgi?id=46859
* Internal review also discovered that Special:Import, and
Extension:RSS failed to prevent XML external entity (XXE) processing.
https://bugzilla.wikimedia.org/show_bug.cgi?id=47251 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #952581 - mediawiki-1.20.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=952581 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update mediawiki' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|