Fedora 21 Security Update: dokuwiki-0-0.24.20140929c.fc21

Resolved Bugs
1197822 – CVE-2015-2172 dokuwiki: privilege escalation in RPC API
1064524 – Wrong SELinux type in dokuwiki-selinux package
1150134 – dokuwiki: various security flaws [epel-all]
1174333 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
1061477 – wiki:syntax page requires php-xml to render
1150133 – dokuwiki: various security flaws [fedora-all]
1174331 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
1161816 – dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
1174332 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
1101095 – New release available – 2014-05-05 “Ponder Stibbons”
1164396 – dokuwiki requires apache
1166099 – CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
1164394 – Add dokuwiki to epel7<br
This update fixes CVE-2015-2172
* There’s a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules.
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
This update adds dokuwiki package to EPEL7

Leave a Reply