Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201206-09 ] MediaWiki: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663

PostPosted: Thu Jun 21, 2012 7:26 pm    Post subject: [ GLSA 201206-09 ] MediaWiki: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: MediaWiki: Multiple vulnerabilities (GLSA 201206-09)
Severity: high
Exploitable: remote
Date: June 21, 2012
Bug(s): #366685, #409513
ID: 201206-09

Synopsis

Multiple vulnerabilities have been found in MediaWiki, the worst of
which leading to remote execution of arbitrary code.


Background

The MediaWiki wiki web application as used on wikipedia.org.

Affected Packages

Package: www-apps/mediawiki
Vulnerable: < 1.18.2
Unaffected: >= 1.18.2
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in mediawiki. Please
review the CVE identifiers referenced below for details.


Impact

MediaWiki allows remote attackers to bypass authentication, to perform
imports from any wgImportSources wiki via a crafted POST request, to
conduct cross-site scripting (XSS) attacks or obtain sensitive
information, to inject arbitrary web script or HTML, to conduct
clickjacking attacks, to execute arbitrary PHP code, to inject arbitrary
web script or HTML, to bypass intended access restrictions and to obtain
sensitive information.


Workaround

There is no known workaround at this time.

Resolution

All MediaWiki users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.18.2"
   


References

CVE-2010-2787
CVE-2010-2788
CVE-2010-2789
CVE-2011-0003
CVE-2011-0047
CVE-2011-0537
CVE-2011-1579
CVE-2011-1580
CVE-2011-1766
CVE-2011-1766
CVE-2012-1578
CVE-2012-1579
CVE-2012-1580
CVE-2012-1581
CVE-2012-1582


Last edited by GLSA on Fri Jun 22, 2012 4:29 am; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum