Summary: | <www-apps/mediawiki-{1.19.23,1.22.15,1.23.8,1.24.1}: multiple vulnerabilities (CVE-2014-{9276,9277,9475,9476,9477,9478,9479,9480,9481,9487,9507}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2014-12-18 11:23:11 UTC
All four versions added to the tree. Feel free to start the stabilization process for the currently stable series. Thanks, Tim! Arches, please stabilize: =www-apps/mediawiki-1.19.23 =www-apps/mediawiki-1.22.15 =www-apps/mediawiki-1.23.8 amd64 stable x86 stable ppc stable. Maintainer(s), please cleanup. Security, please vote. CVE-2014-9507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9507): MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. CVE-2014-9277 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9277): The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. CVE-2014-9276 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9276): Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview. Arches and Maintainer(s), Thank you for your work. GLSA Vote: No This is already on an existing GLSA draft. CVE-2014-9476 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9476): MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/." CVE-2014-9475 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9475): Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message. This issue was resolved and addressed in GLSA 201502-04 at http://security.gentoo.org/glsa/glsa-201502-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |