Mehrere Probleme in MediaWiki
ID: | 201502-04 |
Distribution: | Gentoo |
Plattformen: | Keine Angabe |
Datum: | Sa, 7. Februar 2015, 22:36 |
Referenzen: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6453 https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000155.html http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9479 |
Applikationen: | MediaWiki |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --1rKW4s0tals7UBxRKxWFwJ9iBuu2n2iNu Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: MediaWiki: Multiple vulnerabilities Date: February 07, 2015 Bugs: #498064, #499632, #503012, #506018, #515138, #518608, #523852, #524364, #532920 ID: 201502-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to execute arbitrary code. Background ========== MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mediawiki < 1.23.8 >= 1.23.8 *>= 1.22.15 *>= 1.19.23 Description =========== Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details. Impact ====== A remote attacker may be able to execute arbitrary code with the privileges of the process, create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML. Workaround ========== There is no known workaround at this time. Resolution ========== All MediaWiki 1.23 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.8" All MediaWiki 1.22 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.22.15" All MediaWiki 1.19 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.23" References ========== [ 1 ] CVE-2013-6451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6451 [ 2 ] CVE-2013-6452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6452 [ 3 ] CVE-2013-6453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6453 [ 4 ] CVE-2013-6454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6454 [ 5 ] CVE-2013-6472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6472 [ 6 ] CVE-2014-1610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1610 [ 7 ] CVE-2014-2242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2242 [ 8 ] CVE-2014-2243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2243 [ 9 ] CVE-2014-2244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2244 [ 10 ] CVE-2014-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2665 [ 11 ] CVE-2014-2853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2853 [ 12 ] CVE-2014-5241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5241 [ 13 ] CVE-2014-5242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5242 [ 14 ] CVE-2014-5243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5243 [ 15 ] CVE-2014-7199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7199 [ 16 ] CVE-2014-7295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7295 [ 17 ] CVE-2014-9276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9276 [ 18 ] CVE-2014-9277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9277 [ 19 ] CVE-2014-9475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9475 [ 20 ] CVE-2014-9476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9476 [ 21 ] CVE-2014-9477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9477 [ 22 ] CVE-2014-9478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9478 [ 23 ] CVE-2014-9479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9479 [ 24 ] CVE-2014-9480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9480 [ 25 ] CVE-2014-9481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9481 [ 26 ] CVE-2014-9487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9487 [ 27 ] CVE-2014-9507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9507 [ 28 ] MediaWiki Security and Maintenance Releases: 1.19.17, 1.21.11, 1.22.8 and 1.23.1 https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000155.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201502-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --1rKW4s0tals7UBxRKxWFwJ9iBuu2n2iNu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJU1ktuAAoJEP7VAChXwav6eI0IAJPn4WPCS8qUQD6Ba/SSjGUq GU3yWJeaxC/sCDJgrQSxcLLMY7owE29/E0aNCzHN1a+EUft5wZf21I/iSLXoZb++ 0pQHgQVUJV3r4nwXc5LEsOPUfQLu0Qx2NuXFtf2n6ghBNKFeYthBUr3OdSTx06YO c0UUGXhApuDmg/AjtqAnJF+56SxWM2/6leCE/VHrYmz3mUwCBDf+u4UwBEbR3ZrN avCXQGtgPoDMFc8YTGveyYbB3/cEWLYb6r7gTG+jzYl3YZTdZZaFJUJu++UxBlYk E5fr2jOXcg3KG1ci1W+ac2XAuYJBU2SyZuw+CRsSW7ooAB5HbybWh9d2cOa108c= =oHWb -----END PGP SIGNATURE----- --1rKW4s0tals7UBxRKxWFwJ9iBuu2n2iNu-- |