Debian Security Advisory 3046-1

Debian Security Advisory 3046-1: Posted Oct 6, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3046-1 - It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.; tags | advisory, javascript; systems | linux, debian; advisories | CVE-2014-7295; SHA-256 | a8c028bd8f5b773c2db161c0427d597f71d4ffad2009685a807ddd29f797ca7b; Download | Favorite | View

Debian Security Advisory 3046-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3046-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
October 05, 2014                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2014-7295

It was reported that MediaWiki, a website engine for collaborative work,
allowed to load user-created CSS on pages where user-created JavaScript
is not allowed. A wiki user could be tricked into performing actions by
manipulating the interface from CSS, or JavaScript code being executed
from CSS, on security-wise sensitive pages like Special:Preferences and
Special:UserLogin. This update removes the separation of CSS and
JavaScript module allowance.

For the stable distribution (wheezy), this problem has been fixed in
version 1:1.19.20+dfsg-0+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.19.20+dfsg-1.

We recommend that you upgrade your mediawiki packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUMWQQAAoJEAVMuPMTQ89EIFEP/jGfYxU9UQ4JBoIu84wsRjuP
MXI7mGNuhA9dnwxKaAzEddqlmVrVy5tgP18kanlB1agzBR3O7JWqel8BjAWWU3wV
LIRTrlTQTh3EFeXuaPAKUrXPHognDcixhcPUNsVn6oeuwNaHDI7T9cQseDKlnvPU
VtVexVVE6YpPyUg3LIO6EPt1U3dVLr6AG8/BbweooYwQyB3tupbemGWptI6rEeRK
MqIxRuld3xkAG7SZJXv7pLnRDZBzXW/LcRD5r7CtSdfUeIFqcMOBhMR2lWH52jMg
0jM3koPnukXOYPOQIYD+l3+wG65mPqb/gtToRObPqGgcPCTup0eMcWu97Nz9CUDp
QW2iTo/M9e+4T+uAg5ETeWiK0i3k6R7MpcSBJuTv2ckbDvqZKvslzLjLXJ4MsheD
mbv0gmub3wDojWLwYq8+PAsCJSaGFZhZqME2aFps0xxqFQVo03JULZZK/hbIjFgl
GpXH+Exb7iAuCiZM+tSgMe/GJ324J53qudKaifDbypaLWZLT4T1WN24IHZv6Icpv
W08Em5Guc0nyC4mYFb9+J+t/yXd6M3hfhc1I+9fqdX+uLFlvx/nNm8wU87QuuQs/
k64awl9aUDbZxDGdC8OxwDfh1EeXroNMHueDPj82t76+dRU3+sBjJkhnQMp3S/LD
RMJttMX597NHP2RBLApx
=KdNC
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 65 files
LiquidWorm 25 files
Debian 18 files
indoushka 15 files
Apple 10 files
Google Security Research 7 files
Gentoo 5 files
Emiliano Febbi 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,813)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,236)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,965)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 3046-1

Debian Security Advisory 3046-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3046-1

Share This

Debian Security Advisory 3046-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems