Posted: Thu Jun 21, 2012 7:26 pm
Post subject: [ GLSA 201206-09 ] MediaWiki: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: MediaWiki: Multiple vulnerabilities (GLSA 201206-09)
Date: June 21, 2012
Bug(s): #366685, #409513
Multiple vulnerabilities have been found in MediaWiki, the worst of
which leads to remote execution of arbitrary code.
The MediaWiki wiki web application as used on wikipedia.org.
Vulnerable: < 1.18.2
Unaffected: >= 1.18.2
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in MediaWiki. Please
review the CVE identifiers referenced below for details.
MediaWiki allows remote attackers to bypass authentication, to perform
imports from any wgImportSources wiki via a crafted POST request, to
conduct cross-site scripting (XSS) attacks or obtain sensitive
information, to inject arbitrary web script or HTML, to conduct
clickjacking attacks, to execute arbitrary PHP code, to inject arbitrary
web script or HTML, to bypass intended access restrictions and to obtain
There is no known workaround at this time.
All MediaWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.18.2"
Last edited by GLSA on Fri Jun 22, 2012 4:29 am; edited 1 time in total