| Summary: | php-geshi new security issues CVE-2012-3521 and CVE-2012-3522 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs, thomas |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/550574/ | ||
| Whiteboard: | has_procedure mga2-64-ok mga2-32-ok | ||
| Source RPM: | php-geshi-1.0.8.10-1.mga2.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-05-14 19:29:23 CEST
It seems Fedora fixed it by upgrading. I'll do the same.

Status: NEW => ASSIGNED

This bug has been resolved by doing an upgrade to version 1.0.8.11. I don't use this package (I have not tested it) and there are no other packages that require it. Please push it to upgrades.

CC: (none) => thomas

Thanks Thomas!

Advisory:

========================

Updated php-geshi package fix security vulnerabilities:

A directory traversal and information disclosure (local file inclusion) flaws were found in the cssgen contrib module (application to generate custom CSS files) of GeSHi, a generic syntax highlighter, performed sanitization of 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote attacker could provide a specially-crafted URL that, when visited could lead to local file system traversal or, potentially, ability to read content of any local file, accessible with the privileges of the user running the webserver (CVE-2013-3251).

A cross-site scripting (XSS) flaw was found in the way 'langwiz' example script of GeSHi, a generic syntax highlighter, performed sanitization of certain HTTP GET / POST request variables (prior dumping their content). A remote attacker could provide a specially-crafted URL that, when visited would lead to arbitrary HTML or web script execution (CVE-2013-3522).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3521

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3522

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html

========================

Updated packages in core/updates_testing:

========================

php-geshi-1.0.8.11-1.mga2

from php-geshi-1.0.8.11-1.mga2.src.rpm

URL:
(none) => http://lwn.net/Vulnerabilities/550574/

Fixing the CVE names in the advisory. Thanks Claire.

Advisory:

========================

Updated php-geshi package fix security vulnerabilities:

A directory traversal and information disclosure (local file inclusion) flaws were found in the cssgen contrib module (application to generate custom CSS files) of GeSHi, a generic syntax highlighter, performed sanitization of 'geshi-path' and 'geshi-lang-path' HTTP GET / POST variables. A remote attacker could provide a specially-crafted URL that, when visited could lead to local file system traversal or, potentially, ability to read content of any local file, accessible with the privileges of the user running the webserver (CVE-2012-3251).

A cross-site scripting (XSS) flaw was found in the way 'langwiz' example script of GeSHi, a generic syntax highlighter, performed sanitization of certain HTTP GET / POST request variables (prior dumping their content). A remote attacker could provide a specially-crafted URL that, when visited would lead to arbitrary HTML or web script execution (CVE-2012-3522).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3521

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3522

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.html

========================

Updated packages in core/updates_testing:

========================

php-geshi-1.0.8.11-1.mga2

from php-geshi-1.0.8.11-1.mga2.src.rpm

Testing complete mga2 64

Example here: http://qbnz.com/highlighter/geshi-doc.html#basic-usage

Can be tested at http://localhost/geshi.php using the following script saved as /var/www/html/geshi.php

```php
<?php
echo "This is a test page for geshi.";
echo "It should display syntax highlighted code below.";

//
// Include the GeSHi library
//
include_once '/usr/share/php/geshi.php';

//
// Define some source to highlight, a language to use
// and the path to the language files
//
$source = '$foo = 45;
for ( $i = 1; $i < $foo; $i++ )
{
  echo "$foo\n";
  --$foo;
}';
$language = 'php';

//
// Create a GeSHi object
//
$geshi = new GeSHi($source, $language);

//
// And echo the result!
//
echo $geshi->parse_code();
?>
```

Whiteboard: (none) => has_procedure mga2-64-ok

Note, it is necessary to give the full path to /usr/share/php/geshi.php in the script, include_once 'geshi.php'; doesn't work. Is this an issue?
claire robinson
2013-05-23 09:50:52 CEST
Whiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok feedback

Any feedback on this please. Other than needing the full path, it works fine. It's not a regression but doesn't seem right.

I believe this is normal. Please go ahead. There were no issues (Bug reports) with the current version except the security issue which this fixes.

Thanks Thomas

Validating

Advisory & srpm in comment 4

Could sysadmin please push from 2 core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update

Update packages have been pushed.

Status: ASSIGNED => RESOLVED
Nicolas Vigier
2014-05-08 18:05:44 CEST
CC: boklm => (none) |