Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Fedora: 2007-1442 Moderate: Security Patch for MediaWiki XSS Vulnerability

fedora
Calendar Grey August 27, 2007
Dist Fedora Esm H88
Patch addresses XSS vulnerability in MediaWiki, bolstering protection for Fedora users. Update to mitigate threats.
This update fixes the following vulnerability: "Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax i...

Summary

MediaWiki is the software used for Wikipedia and the other Wikimedia

Foundation websites. Compared to other wikis, it has an excellent

range of features and support for high-traffic websites using multiple

servers

This package supports wiki farms. Copy /var/www/wiki over to the

desired wiki location and configure it through the web

interface. Remember to remove the config dir after completing the

configuration.

This update fixes the following vulnerability:

"Cross-site scripting (XSS) vulnerability in the AJAX features in

index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is

enabled, allows remote attackers to inject arbitrary web script

or HTML via a UTF-7 encoded value of the rs parameter, which is

processed by Internet Explorer."

* Mon Aug 6 2007 Axel Thimm - 1.9.3-34.0.1

- Bump release to please koji/CVS.

* Thu Feb 22 2007 Axel Thimm - 1.9.3-34

- Update to 1.9.4.

[ 1 ] Bug #250819

https://bugzilla.redhat.com/show_bug.cgi?id=250819

[ 2 ] CVE-2007-1054

ac48ef9e1b824ccd5c7def86e3bb2610c84ae5db mediawiki-debuginfo-1.9.3-34.0.2.fc7.i386.rpm

77467b507c0c1a0df8b0101bb60a30e149614df5 mediawiki-1.9.3-34.0.2.fc7.i386.rpm

b475374a91e5bae04fdd01b6f8acbb878427a24a mediawiki-debuginfo-1.9.3-34.0.2.fc7.x86_64.rpm

7526851cedc44a419f3584bc1cebd5ed8cc54c61 mediawiki-1.9.3-34.0.2.fc7.x86_64.rpm

5493f768b83d0bb228d57d08034839e6432357ab mediawiki-debuginfo-1.9.3-34.0.2.fc7.ppc.rpm

2a2c1deafadd9544d84cba39411b88969e3bb7b3 mediawiki-1.9.3-34.0.2.fc7.ppc.rpm

93a61addf23f07ad4aa6f6951de337f1419fe9f0 mediawiki-1.9.3-34.0.2.fc7.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Product: Fedora 7
Version: 1.9.3
Release: 34.0.2.fc7
Summary: A wiki engine

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.