[ MDVSA-2015:185 ] dokuwiki

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:185
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : dokuwiki
 Date    : March 31, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated dokuwiki packages fix security vulnerabilities:
 
 inc/template.php in DokuWiki before 2014-05-05a only checks for
 access to the root namespace, which allows remote attackers to access
 arbitrary images via a media file details ajax call (CVE-2014-8761).
 
 The ajax_mediadiff function in DokuWiki before 2014-05-05a allows
 remote attackers to access arbitrary images via a crafted namespace
 in the ns parameter (CVE-2014-8762).
 
 DokuWiki before 2014-05-05b, when using Active Directory for LDAP
 authentication, allows r

Leave a Reply