DokuWiki is vulnerable to shell command injection and Denial of Service attacks when using ImageMagick.
|Package||www-apps/dokuwiki on all architectures|
|Affected versions||< 20060309e|
|Unaffected versions||>= 20060309e|
DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend.
Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method.
A remote attacker could exploit the flaws to execute arbitrary shell commands with the rights of the web server daemon or cause a Denial of Service.
There is no known workaround at this time.
All DokuWiki users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309e"
September 28, 2006
December 13, 2006: 02