----------------------------------------------------------------------


Use WSUS to deploy 3rd party patches

Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
MediaWiki Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38856

VERIFY ADVISORY:
http://secunia.com/advisories/38856/

DESCRIPTION:
A vulnerability and a security issue have been reported in MediaWiki,
which can be exploited by malicious users to disclose sensitive
information and bypass certain security restrictions.

1) An error exists within the CSS validation function which can be
exploited to disclose potentially sensitive information by displaying
external images in wiki pages.

Successful exploitation requires "Editor" permissions to wiki pages.

The vulnerability is reported in versions prior to 1.15.2.

2) The security issue is caused due to a missing user permissions
check within the "thumb.php" script. This can be exploited to view
restricted images in private wikis.

Success exploitation requires an image access authentication scheme
to be configured e.g. via "img_auth.php" script.

The security issue is reported in version 1.5 and later.

SOLUTION:
Update to version 1.15.2 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------