/[advisories]/10095.adv
ViewVC logotype

Annotation of /10095.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 12 - (hide annotations) (download)
Thu Jun 6 19:39:49 2013 UTC (9 years, 1 month ago) by boklm
File size: 1386 byte(s)
Fix affected mageia version for bug 10095
1 boklm 7 ID: MGASA-2013-0163
2     pubtime: 1370521473
3     type: security
4     src:
5 boklm 12 2:
6 boklm 7 core:
7     - php-geshi-1.0.8.11-1.mga2
8     CVE:
9     - CVE-2012-3251
10     - CVE-2012-3522
11     subject: Updated php-geshi package fix security vulnerabilities
12     description: |
13     A directory traversal and information disclosure (local file inclusion) flaws
14     were found in the cssgen contrib module (application to generate custom CSS
15     files) of GeSHi, a generic syntax highlighter, performed sanitization of
16     'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote
17     attacker could provide a specially-crafted URL that, when visited could lead
18     to local file system traversal or, potentially, ability to read content of
19     any local file, accessible with the privileges of the user running the
20     webserver (CVE-2012-3251).
21    
22     A cross-site scripting (XSS) flaw was found in the way 'langwiz' example
23     script of GeSHi, a generic syntax highlighter, performed sanitization of
24     certain HTTP GET / POST request variables (prior dumping their content). A
25     remote attacker could provide a specially-crafted URL that, when visited
26     would lead to arbitrary HTML or web script execution (CVE-2012-3522).
27     references:
28     - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3521
29     - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3522
30     - http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html

  ViewVC Help
Powered by ViewVC 1.1.28