It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243 ). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.

For the stable distribution (wheezy), these problems have been fixed in version 1:1.19.18+dfsg-0+deb7u1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your mediawiki packages.

MediaWiki is a wiki engine (a program for creating a collaboratively edited website). It is designed to handle heavy websites containing library-like document collections, and supports user uploads of images/sounds, multilingual content, TOC autogeneration, ISBN links, etc.

mediawiki on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2014/dsa-3011.html

---

Updated on 2015-03-25