Debian Security Advisory DSA 3036-1 (mediawiki - Security Update) Network Vulnerability

Summary

It was discovered that MediaWiki, a wiki engine, did not sufficiently filter CSS in uploaded SVG files, allowing for cross site scripting.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 1:1.19.19+dfsg-0+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 1:1.19.19+dfsg-1. We recommend that you upgrade your mediawiki packages.

Insight

MediaWiki is a wiki engine (a program for creating a collaboratively edited website). It is designed to handle heavy websites containing library-like document collections, and supports user uploads of images/sounds, multilingual content, TOC autogeneration, ISBN links, etc.

Affected

mediawiki on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-3036.html

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 005-1 (slocate)
Debian Security Advisory DSA 059-1 (man-db)
Debian Security Advisory DSA 1067-1 (kernel 2.4.16)
Debian Security Advisory DSA 099-1 (XChat)
Debian Security Advisory DSA 013-1 (mysql)

Debian Security Advisory DSA 3036-1 (mediawiki - security update)

Take action and discover your vulnerabilities