You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa dokuwiki

Sigurnosni nedostatak programskog paketa dokuwiki

——————————————————————————–
Fedora Update Notification
FEDORA-2015-3211
2015-03-05 09:16:42
——————————————————————————–

Name : dokuwiki
Product : Fedora 20
Version : 0
Release : 0.24.20140929c.fc20
URL : http://www.dokuwiki.org/dokuwiki
Summary : Standards compliant simple to use wiki
Description :
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating
documentation of any kind. It has a simple but powerful syntax which makes sure
the datafiles remain readable outside the Wiki and eases the creation of
structured texts.

All data is stored in plain text files no database is required.

——————————————————————————–
Update Information:

This update fixes CVE-2015-2172

* There’s a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules.
Update to the 2014-09-29b release which contains various fixes, notably:

Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability

Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability

Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability

Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability

Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)

This update adds dokuwiki package to EPEL7
——————————————————————————–
ChangeLog:

* Tue Mar 3 2015 Adam Tkac <vonsch@gmail.com> – 0.0.24.20140929c
– update to the latest upstream (CVE-2015-2172)
* Fri Dec 26 2014 Adam Tkac <vonsch@gmail.com> – 0.0.23.20140929b
– update to the latest upstream
– drop requirement of httpd (#1164396)
– fix SELinux file contexts (#1064524)
– require php-xml (#1061477)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0-0.22.20131208
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Dec 12 2013 Adam Tkac <vonsch@gmail.com> – 0-0.21.20131208
– fix upstream source link
– use macros for dokuwiki release numbers
– update to the latest upstream
——————————————————————————–
References:

[ 1 ] Bug #1197822 – CVE-2015-2172 dokuwiki: privilege escalation in RPC API
https://bugzilla.redhat.com/show_bug.cgi?id=1197822
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update dokuwiki’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-3186
2015-03-05 09:15:44
——————————————————————————–

Name : dokuwiki
Product : Fedora 21
Version : 0
Release : 0.24.20140929c.fc21
URL : http://www.dokuwiki.org/dokuwiki
Summary : Standards compliant simple to use wiki
Description :
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating
documentation of any kind. It has a simple but powerful syntax which makes sure
the datafiles remain readable outside the Wiki and eases the creation of
structured texts.

All data is stored in plain text files no database is required.

——————————————————————————–
Update Information:

This update fixes CVE-2015-2172

* There’s a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules.
Update to the 2014-09-29b release which contains various fixes, notably:

Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability

Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability

Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability

Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability

Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)

This update adds dokuwiki package to EPEL7
——————————————————————————–
ChangeLog:

* Tue Mar 3 2015 Adam Tkac <vonsch@gmail.com> – 0.0.24.20140929c
– update to the latest upstream (CVE-2015-2172)
* Fri Dec 26 2014 Adam Tkac <vonsch@gmail.com> – 0.0.23.20140929b
– update to the latest upstream
– drop requirement of httpd (#1164396)
– fix SELinux file contexts (#1064524)
– require php-xml (#1061477)
——————————————————————————–
References:

[ 1 ] Bug #1197822 – CVE-2015-2172 dokuwiki: privilege escalation in RPC API
https://bugzilla.redhat.com/show_bug.cgi?id=1197822
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update dokuwiki’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostaci programskih paketa ipa i slapi-nis

Otkriveni su sigurnosni nedostaci u programskim paketima ipa i slapi-nis za operacijski sustav RedHat. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje...

Close