[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1413-1] dokuwiki security update

Package        : dokuwiki
Version        : 0.0.20140505.a+dfsg-4+deb8u1
CVE ID         : CVE-2017-18123
Debian Bug     : 889281

The call parameter of /lib/exe/ajax.php in DokuWiki through
2017-02-19e does not properly encode user input, which leads to a
reflected file download vulnerability, and allows remote attackers to
run arbitrary programs.

For Debian 8 "Jessie", these problems have been fixed in version

We recommend that you upgrade your dokuwiki packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to: