155 lines
6.0 KiB
JSON
155 lines
6.0 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20142021",
|
|
"Version": "oval:org.altlinux.errata:def:20142021",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2014-2021: package `mediawiki` update to version 1.23.2-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p9"
|
|
],
|
|
"Products": [
|
|
"ALT Server",
|
|
"ALT Virtualization Server",
|
|
"ALT Workstation",
|
|
"ALT Workstation K",
|
|
"ALT Education",
|
|
"Simply Linux",
|
|
"Starterkit"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2014-2021",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2021",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-5241",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-5241",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-5242",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-5242",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-5243",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-5243",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades mediawiki to version 1.23.2-alt1. \nSecurity Fix(es):\n\n * CVE-2014-5241: The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.\n\n * CVE-2014-5242: Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.\n\n * CVE-2014-5243: MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2014-08-21"
|
|
},
|
|
"Updated": {
|
|
"Date": "2014-08-21"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2014-5241",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CWE": "CWE-352",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-5241",
|
|
"Impact": "Low",
|
|
"Public": "20140822"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-5242",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CWE": "CWE-79",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-5242",
|
|
"Impact": "Low",
|
|
"Public": "20140822"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-5243",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-5243",
|
|
"Impact": "Low",
|
|
"Public": "20140822"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:kworkstation:9",
|
|
"cpe:/o:alt:workstation:9",
|
|
"cpe:/o:alt:server:9",
|
|
"cpe:/o:alt:server-v:9",
|
|
"cpe:/o:alt:education:9",
|
|
"cpe:/o:alt:slinux:9",
|
|
"cpe:/o:alt:starterkit:p9",
|
|
"cpe:/o:alt:kworkstation:9.1",
|
|
"cpe:/o:alt:workstation:9.1",
|
|
"cpe:/o:alt:server:9.1",
|
|
"cpe:/o:alt:server-v:9.1",
|
|
"cpe:/o:alt:education:9.1",
|
|
"cpe:/o:alt:slinux:9.1",
|
|
"cpe:/o:alt:starterkit:9.1",
|
|
"cpe:/o:alt:kworkstation:9.2",
|
|
"cpe:/o:alt:workstation:9.2",
|
|
"cpe:/o:alt:server:9.2",
|
|
"cpe:/o:alt:server-v:9.2",
|
|
"cpe:/o:alt:education:9.2",
|
|
"cpe:/o:alt:slinux:9.2",
|
|
"cpe:/o:alt:starterkit:9.2"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:1001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142021001",
|
|
"Comment": "mediawiki is earlier than 0:1.23.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142021002",
|
|
"Comment": "mediawiki-apache2 is earlier than 0:1.23.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142021003",
|
|
"Comment": "mediawiki-common is earlier than 0:1.23.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142021004",
|
|
"Comment": "mediawiki-mysql is earlier than 0:1.23.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142021005",
|
|
"Comment": "mediawiki-postgresql is earlier than 0:1.23.2-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142021006",
|
|
"Comment": "mediawiki-tex is earlier than 0:1.23.2-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |