Mehrere Probleme in DokuWiki
ID: | FEDORA-2015-3186 |
Distribution: | Fedora |
Plattformen: | Fedora 21 |
Datum: | Do, 26. März 2015, 23:08 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2172 |
Applikationen: | DokuWiki |
Originalnachricht |
|
Name : dokuwiki Product : Fedora 21 Version : 0 Release : 0.24.20140929c.fc21 URL : http://www.dokuwiki.org/dokuwiki Summary : Standards compliant simple to use wiki Description : DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. It has a simple but powerful syntax which makes sure the datafiles remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no database is required. -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2015-2172 * There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules. Update to the 2014-09-29b release which contains various fixes, notably: Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability Bugfixes: * dokuwiki requires php-xml (RHBZ#1061477) * wrong SELinux file context for writable files/directories (RHBZ#1064524) * drop httpd requirement (RHBZ#1164396) Update to the 2014-09-29b release which contains various fixes, notably: Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability Bugfixes: * dokuwiki requires php-xml (RHBZ#1061477) * wrong SELinux file context for writable files/directories (RHBZ#1064524) * drop httpd requirement (RHBZ#1164396) Update to the 2014-09-29b release which contains various fixes, notably: Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability Bugfixes: * dokuwiki requires php-xml (RHBZ#1061477) * wrong SELinux file context for writable files/directories (RHBZ#1064524) * drop httpd requirement (RHBZ#1164396) Update to the 2014-09-29b release which contains various fixes, notably: Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability Bugfixes: * dokuwiki requires php-xml (RHBZ#1061477) * wrong SELinux file context for writable files/directories (RHBZ#1064524) * drop httpd requirement (RHBZ#1164396) This update adds dokuwiki package to EPEL7 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 3 2015 Adam Tkac |