GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Oct 31, 2015 6:26 pm Post subject: [ GLSA 201510-05 ] MediaWiki |
|
|
Gentoo Linux Security Advisory
Title: MediaWiki: Multiple vulnerabilities (GLSA 201510-05)
Severity: normal
Exploitable: remote
Date: October 31, 2015
Bug(s): #545944, #557844
ID: 201510-05
Synopsis
Multiple vulnerabilities have been found in MediaWiki, the worst of
which may allow remote attackers to cause a Denial of Service.
Background
MediaWiki is a collaborative editing software used by large projects
such as Wikipedia.
Affected Packages
Package: www-apps/mediawiki
Vulnerable: < 1.25.2
Unaffected: >= 1.25.2
Unaffected: >= 1.24.3 < 1.24.4
Unaffected: >= 1.23.10 < 1.23.11
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in MediaWiki. Please
review the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to create a Denial of Service condition,
obtain sensitive information, bypass security restrictions, and inject
arbitrary web script or HTML.
Workaround
There is no known workaround at this time.
Resolution
All MediaWiki 1.25 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.25.2"
| All MediaWiki 1.24 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.24.3"
| All MediaWiki 1.23 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.10"
|
References
CVE-2015-2931
CVE-2015-2932
CVE-2015-2933
CVE-2015-2934
CVE-2015-2935
CVE-2015-2936
CVE-2015-2937
CVE-2015-2938
CVE-2015-2939
CVE-2015-2940
CVE-2015-2941
CVE-2015-2942
CVE-2015-6728
CVE-2015-6729
CVE-2015-6730
CVE-2015-6731
CVE-2015-6732
CVE-2015-6733
CVE-2015-6734
CVE-2015-6735
CVE-2015-6736
CVE-2015-6737 |
|