GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Jun 21, 2012 7:26 pm Post subject: [ GLSA 201206-09 ] MediaWiki: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: MediaWiki: Multiple vulnerabilities (GLSA 201206-09)
Severity: high
Exploitable: remote
Date: June 21, 2012
Bug(s): #366685, #409513
ID: 201206-09
Synopsis
Multiple vulnerabilities have been found in MediaWiki, the worst of
which leading to remote execution of arbitrary code.
Background
The MediaWiki wiki web application as used on wikipedia.org.
Affected Packages
Package: www-apps/mediawiki
Vulnerable: < 1.18.2
Unaffected: >= 1.18.2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in mediawiki. Please
review the CVE identifiers referenced below for details.
Impact
MediaWiki allows remote attackers to bypass authentication, to perform
imports from any wgImportSources wiki via a crafted POST request, to
conduct cross-site scripting (XSS) attacks or obtain sensitive
information, to inject arbitrary web script or HTML, to conduct
clickjacking attacks, to execute arbitrary PHP code, to inject arbitrary
web script or HTML, to bypass intended access restrictions and to obtain
sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All MediaWiki users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.18.2"
|
References
CVE-2010-2787
CVE-2010-2788
CVE-2010-2789
CVE-2011-0003
CVE-2011-0047
CVE-2011-0537
CVE-2011-1579
CVE-2011-1580
CVE-2011-1766
CVE-2011-1766
CVE-2012-1578
CVE-2012-1579
CVE-2012-1580
CVE-2012-1581
CVE-2012-1582
Last edited by GLSA on Fri Jun 22, 2012 4:29 am; edited 1 time in total |
|
News & Announcements
