Bug 409513 (CVE-2012-1578) - <www-apps/mediawiki-1.18.2 : Multiple Vulnerabilities (CVE-2012-{1578,1579,1580,1581,1582})
Status: RESOLVED FIXED
Alias: CVE-2012-1578
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]

Reported: 2012-03-24 09:36 UTC by Agostino Sarubbo
Modified: 2012-09-10 11:39 UTC

Description Agostino Sarubbo gentoo-dev 2012-03-24 09:36:11 UTC
From Secunia advisory at $URL:

Description:
1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. block or unblock a user by tricking a logged in administrator into visiting a malicious web site.

2) An error due to the application failing to restrict access to the user.tokens module can be exploited to disclose a user's CSRF tokens.

3) Certain unspecified input passed to the wikitext parser when creating a page is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Note: This can further be exploited to cause an infinite loop and exhaust memory.

The vulnerabilities are reported in versions prior to 1.17.3 and 1.18.2.


Solution
Update to version 1.17.3 or 1.18.2.
Comment 1 Tim Harder gentoo-dev 2012-03-24 22:51:02 UTC
1.18.2 is already in the tree; go ahead and stabilize it.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-03-25 14:50:35 UTC
Great, thanks.

Arches, please test and mark stable:
=www-apps/mediawiki-1.18.2
Target keywords : "amd64 ppc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-03-25 16:21:09 UTC
amd64 stable
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-27 15:00:25 UTC
x86 stable
Comment 5 Brent Baude (RETIRED) gentoo-dev 2012-06-08 18:20:37 UTC
ppc done
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2012-06-10 15:33:29 UTC
Thanks, folks. GLSA Vote: no.
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2012-06-11 20:08:09 UTC
GLSA vote: no.

Closing noglsa.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2012-06-21 18:00:22 UTC
This was already added to pending GLSA request, so there will be a GLSA.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-06-21 18:20:06 UTC
This issue was resolved and addressed in
 GLSA 201206-09 at http://security.gentoo.org/glsa/glsa-201206-09.xml
by GLSA coordinator Stefan Behte (craig).
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-09-10 11:39:20 UTC
CVE-2012-1582 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1582):
  Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki
  1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to
  inject arbitrary web script or HTML via a crafted page with "forged strip
  item markers," as demonstrated using the CharInsert extension.

CVE-2012-1581 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1581):
  MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random
  numbers for password reset tokens, which makes it easier for remote
  attackers to change the passwords of arbitrary users.

CVE-2012-1580 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1580):
  Cross-site request forgery (CSRF) vulnerability in Special:Upload in
  MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote
  attackers to hijack the authentication of unspecified victims for requests
  that upload files.

CVE-2012-1579 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1579):
  The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before
  1.18.2 includes private data such as CSRF tokens in a JavaScript file, which
  allows remote attackers to obtain sensitive information.

CVE-2012-1578 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1578):
  Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki
  1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to
  hijack the authentication of users with the block permission for requests
  that (1) block a user via a request to the Block module or (2) unblock a
  user via a request to the Unblock module.