GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sat Feb 07, 2015 6:26 pm Post subject: [ GLSA 201502-04 ] MediaWiki
Gentoo Linux Security Advisory
Title: MediaWiki: Multiple vulnerabilities (GLSA 201502-04)
Severity: high
Exploitable: remote
Date: February 07, 2015
Bug(s): #498064, #499632, #503012, #506018, #515138, #518608, #523852, #524364, #532920
ID: 201502-04
Synopsis
Multiple vulnerabilities have been found in MediaWiki, the worst of
which may allow remote attackers to execute arbitrary code.
Background
MediaWiki is a collaborative editing software used by large projects
such as Wikipedia.
Affected Packages
Package: www-apps/mediawiki
Vulnerable: < 1.23.8
Unaffected: >= 1.23.8
Unaffected: >= 1.22.15 < 1.22.16
Unaffected: >= 1.19.23 < 1.19.24
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in MediaWiki. Please
review the CVE identifiers and MediaWiki announcement referenced below
for details.
Impact
A remote attacker may be able to execute arbitrary code with the
privileges of the process, create a Denial of Service condition, obtain
sensitive information, bypass security restrictions, and inject arbitrary
web script or HTML.
Workaround
There is no known workaround at this time.
Resolution
All MediaWiki 1.23 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.8"

All MediaWiki 1.22 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.22.15"

All MediaWiki 1.19 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.23"
References
CVE-2013-6451
CVE-2013-6452
CVE-2013-6453
CVE-2013-6454
CVE-2013-6472
CVE-2014-1610
CVE-2014-2242
CVE-2014-2243
CVE-2014-2244
CVE-2014-2665
CVE-2014-2853
CVE-2014-5241
CVE-2014-5242
CVE-2014-5243
CVE-2014-7199
CVE-2014-7295
CVE-2014-9276
CVE-2014-9277
CVE-2014-9475
CVE-2014-9476
CVE-2014-9477
CVE-2014-9478
CVE-2014-9479
CVE-2014-9480
CVE-2014-9481
CVE-2014-9487
CVE-2014-9507
MediaWiki Security and Maintenance Releases: 1.19.17, 1.21.11, 1.22.8 and
1.23.1
Last edited by GLSA on Thu Jun 18, 2015 4:16 am; edited 1 time in total
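The version ranges under "Affected Packages" and the per-branch atoms under "Resolution" can be checked mechanically against an inventory of installed versions. The following is an added example, not part of the advisory or of Gentoo's tooling; the function names are hypothetical, the sample versions are constructed, and it assumes plain dotted version numbers with an optional `-rN` revision that is ignored.

```python
import re

# Ranges copied from "Affected Packages": (inclusive low, exclusive high or None).
UNAFFECTED = [("1.23.8", None), ("1.22.15", "1.22.16"), ("1.19.23", "1.19.24")]
# Branch -> fixed version, copied from the emerge atoms under "Resolution".
FIXED_BY_BRANCH = {(1, 23): "1.23.8", (1, 22): "1.22.15", (1, 19): "1.19.23"}


def parse_version(text):
    """Turn '1.22.15' or '1.22.15-r1' into a tuple of ints (revision dropped)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r\d+)?", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(installed):
    """Return (status, atom) for one installed www-apps/mediawiki version.

    atom is the upgrade target the advisory names for that branch, or None
    when the version is unaffected or the advisory names no target for it.
    """
    v = parse_version(installed)
    for low, high in UNAFFECTED:
        if v >= parse_version(low) and (high is None or v < parse_version(high)):
            return ("unaffected", None)
    # Everything else is below 1.23.8 and therefore in the vulnerable range.
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed and v < parse_version(fixed):
        return ("vulnerable", f">=www-apps/mediawiki-{fixed}")
    return ("vulnerable", None)


if __name__ == "__main__":
    # Constructed inventory of installed versions, for illustration only.
    for version in ["1.23.7", "1.23.8", "1.22.15-r1", "1.22.8", "1.21.11", "1.19.23"]:
        status, atom = assess(version)
        print(f"{version:12} {status:11} {atom or '-'}")
```

A `None` atom on a vulnerable version means the advisory gives no branch-specific command for it, so the target has to be chosen by hand.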