
Debian High: DSA-2366-1 MediaWiki Multiple Remote Issues

December 19, 2011
Multiple vulnerabilities in MediaWiki, including XSS and unauthorized data exposure, call for updating the software.

Summary

Several problems have been discovered in mediawiki, a website engine for
collaborative work.

CVE-2011-1578 CVE-2011-1587

Masato Kinugawa discovered a cross-site scripting (XSS) issue, which
affects Internet Explorer clients only, and only version 6 and
earlier. Web server configuration changes are required to fix this
issue. Upgrading MediaWiki will only be sufficient for people who use
Apache with AllowOverride enabled.

For details of the required configuration changes, see the upstream
announcements:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
https://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html

CVE-2011-1579

Wikipedia user Suffusion of Yellow discovered a CSS validation error
in the wikitext parser. This is an XSS issue for Internet Explorer
clients, and a privacy loss issue for other clients since it allows
the embedding of arbitrary remote images.

CVE-2011-1580

MediaWiki developer Happy-Melon ...


Package: mediawiki
CVE ID: CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 CVE-2011-1587
