Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 563636 - <www-apps/mediawiki-1.25.6: multiple vulnerabilities
Summary: <www-apps/mediawiki-1.25.6: multiple vulnerabilities
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on: CVE-2016-6331, CVE-2016-6332, CVE-2016-6333, CVE-2016-6334, CVE-2016-6335, CVE-2016-6336, CVE-2016-6337
  Show dependency tree
Reported: 2015-10-21 07:15 UTC by Agostino Sarubbo
Modified: 2017-01-16 03:43 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-10-21 07:15:09 UTC
From ${URL} :

Several flaws were found in Mediawiki:

* Wikipedia user RobinHood70 reported that the API failed to correctly stop
adding new chunks to the upload when the reported size was exceeded,
allowing a malicious users to upload add an infinite number of chunks for a
single file upload.

* Wikipedia user RobinHood70 also reported that a malicious user could
upload chunks of 1 byte for very large files, potentially creating a very
large number of files on the server's filesystem.

* Internal review discovered that it is not possible to throttle file

* Internal review discovered a missing authorization check when removing
suppression from a revision. This allowed users with the 'viewsuppressed'
user right but not the appropriate 'suppressrevision' user right to
unsuppress revisions.

* Richard Stanway from reported that thumbnails of PNG files
generated with ImageMagick contained the local file path in the image

* Extension:PageTriage - MediaWiki user Grunny discovered a DOM-based XSS in
the way the extension handled page titles.

* Extension:Echo - Internal review discovered that Echo could display
or suppressed usernames when the username was previously used to Thank

* Extension:OAuth - Wikipedia user Sitic discovered that the OAuth
extension did not correctly enforce the IP restrictions of a Consumer when
using previously negotiated credentials.

* Extension:OAuth - Wikipedia user Sitic discovered that OAuth would accept
a valid signature from any Consumer when checking the authorization
signature. This allowed a registered Consumer who gained access to another
Consumer's users' access tokens and secrets to use those credentials.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-29 00:27:16 UTC
Upstream fixed the reported issues with security release v1.25.3. First version containing the fixes which appeared in Gentoo repository was v1.25.6.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2017-01-16 03:43:02 UTC
GLSA Vote: No

Tree is clean: