Denial of Service in python-mwlib
ID: | FEDORA-2012-3138 |
Distribution: | Fedora |
Plattformen: | Fedora 17 |
Datum: | Mo, 12. März 2012, 08:11 |
Referenzen: | Keine Angabe |
Applikationen: | python-mwlib |
Originalnachricht |
|
Name : python-mwlib Product : Fedora 17 Version : 0.13.5 Release : 1.fc17 URL : http://pediapress.com/code/ Summary : MediaWiki parser and utility library Description : mwlib provides a library for parsing MediaWiki articles and converting them to different output formats. mwlib is used by Wikipedia's "Print/export" feature in order to generate PDF documents from Wikipedia articles. -------------------------------------------------------------------------------- Update Information: Update to version 0.13.5, which solves the following issues: It was reported that mwlib suffered from a flaw that could allow a remote attacker to perform a denial of service attack on a mwlib installation by forcing it to parse a specially-crafted #iferror magic function. This issue has been resolved in version 0.13.5. syntaxhighlight nodes are supported properly in version 0.13.5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #800066 - mwlib: denial of service when parsing #iferror magic functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=800066 [ 2 ] Bug #798615 - python-mwlib-0.13.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=798615 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update python-mwlib' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce |