Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[ GLSA 201502-04 ] MediaWiki
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663
PostPosted: Sat Feb 07, 2015 6:26 pm    Post subject: [ GLSA 201502-04 ] MediaWiki Reply with quote
Gentoo Linux Security Advisory

Title: MediaWiki: Multiple vulnerabilities (GLSA 201502-04)
Severity: high
Exploitable: remote
Date: February 07, 2015
Bug(s): #498064, #499632, #503012, #506018, #515138, #518608, #523852, #524364, #532920
ID: 201502-04

Synopsis

Multiple vulnerabilities have been found in MediaWiki, the worst of
which may allow remote attackers to execute arbitrary code.


Background

MediaWiki is a collaborative editing software used by large projects
such as Wikipedia.


Affected Packages

Package: www-apps/mediawiki
Vulnerable: < 1.23.8
Unaffected: >= 1.23.8
Unaffected: >= 1.22.15 < 1.22.16
Unaffected: >= 1.19.23 < 1.19.24
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in MediaWiki. Please
review the CVE identifiers and MediaWiki announcement referenced below
for details.


Impact

A remote attacker may be able to execute arbitrary code with the
privileges of the process, create a Denial of Service condition, obtain
sensitive information, bypass security restrictions, and inject arbitrary
web script or HTML.


Workaround

There is no known workaround at this time.

Resolution

All MediaWiki 1.23 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.8"
   
All MediaWiki 1.22 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.22.15"
   
All MediaWiki 1.19 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.23"
   


References

CVE-2013-6451
CVE-2013-6452
CVE-2013-6453
CVE-2013-6454
CVE-2013-6472
CVE-2014-1610
CVE-2014-2242
CVE-2014-2243
CVE-2014-2244
CVE-2014-2665
CVE-2014-2853
CVE-2014-5241
CVE-2014-5242
CVE-2014-5243
CVE-2014-7199
CVE-2014-7295
CVE-2014-9276
CVE-2014-9277
CVE-2014-9475
CVE-2014-9476
CVE-2014-9477
CVE-2014-9478
CVE-2014-9479
CVE-2014-9480
CVE-2014-9481
CVE-2014-9487
CVE-2014-9507

MediaWiki Security and Maintenance Releases: 1.19.17, 1.21.11, 1.22.8 and
1.23.1


Last edited by GLSA on Thu Jun 18, 2015 4:16 am; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy