Arch Linux Security Advisory ASA-201512-15
==========================================
Severity: Medium
Date    : 2015-12-25
CVE-ID  : CVE-2015-8622 CVE-2015-8624 CVE-2015-8625 CVE-2015-8626
          CVE-2015-8627 CVE-2015-8628
Package : mediawiki
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package mediawiki before version 1.26.2-1 is vulnerable to multiple
issues including XSS, timing attack, sensitive information leak,
password-policy bypass and IP-blocking bypass.

Resolution
==========
Upgrade to 1.26.2-1.

# pacman -Syu "mediawiki>=1.26.2-1"

The problem has been fixed upstream in version 1.26.1.

Workaround
==========
None.

Description
===========
- CVE-2015-8622:

(T117899) XSS from wikitext when $wgArticlePath='$1'. Internal review
discovered an XSS vector when MediaWiki is configured with a
non-standard configuration.

- CVE-2015-8624:

(T119309) User::matchEditToken should use constant-time string
comparison. Internal review discovered that tokens were being compared
as strings, which could allow a timing attack.

- CVE-2015-8625:

(T118032) Error thrown by VirtualRESTService when POST variable starts
with '@'. Internal review discovered that MediaWiki was not sanitizing
parameters passed to the curl library, which could cause curl to upload
files from the webserver to an attacker.

- CVE-2015-8626:

(T115522) Passwords generated by User::randomPassword() may be shorter
than $wgMinimalPasswordLength. MediaWiki user Frank R. Farmer reported
that the password reset token could be shorter than the minimum required
password length.

- CVE-2015-8627:

(T97897) Incorrect parsing of IPs for global block. Wikimedia steward
Vituzzu reported that blocking IP addresses with zero-padded octets
resulted in a failure to block the IP address.

- CVE-2015-8628:

(T109724) A combination of Special:MyPage redirects and pagecounts
allows an external site to know the Wikipedia login of a user.
Wikimedia user Xavier Combelle reported a way to identify a user when
detailed page view data is also released.
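
For CVE-2015-8627, the sketch below shows why a zero-padded entry can fail
to match and how canonicalizing both the stored block and the looked-up
address closes the gap. It is an added example, not MediaWiki code: the
function names and the sample addresses are hypothetical, and reading padded
octets as decimal is an assumption of the example.

```php
<?php
// Added example, not MediaWiki code. All names here are hypothetical.

/**
 * Canonical dotted-quad form of an IPv4 string, or null if it is invalid.
 * Assumption: zero-padded octets are read as decimal ("010" means 10).
 */
function canonicalIPv4(string $ip): ?string {
    $octets = explode('.', $ip);
    if (count($octets) !== 4) {
        return null;
    }
    $out = [];
    foreach ($octets as $octet) {
        // One to three decimal digits only: no signs, hex, spaces or empties.
        if (!preg_match('/^[0-9]{1,3}$/D', $octet)) {
            return null;
        }
        $value = (int) $octet; // decimal conversion drops the leading zeros
        if ($value > 255) {
            return null;
        }
        $out[] = (string) $value;
    }
    return implode('.', $out);
}

/** Store a block under its canonical key; refuse unparseable input. */
function addBlock(array &$blocks, string $ip): bool {
    $canon = canonicalIPv4($ip);
    if ($canon === null) {
        return false;
    }
    $blocks[$canon] = true;
    return true;
}

/** Look up a client address using the same canonical form. */
function isBlocked(array $blocks, string $ip): bool {
    $canon = canonicalIPv4($ip);
    return $canon !== null && isset($blocks[$canon]);
}

// Constructed sample: the block is entered padded, the client connects unpadded.
$blocks = [];
addBlock($blocks, '192.000.002.010');
var_dump(isBlocked($blocks, '192.0.2.10'));   // lookup through canonical form
$raw = ['192.000.002.010' => true];           // same block stored as typed
var_dump(isset($raw['192.0.2.10']));          // lookup by raw string
```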

Impact
======
A remote attacker might be able to access sensitive information by
tricking the server into uploading file content or by a timing attack. A
remote attacker might be able to bypass password policy and IP blocking
measures.
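
For the timing attack in CVE-2015-8624, the sketch below puts an ordinary
string comparison beside a constant-time one. It is an added example, not
MediaWiki's User::matchEditToken: the function names and the sample token
are hypothetical, and it assumes PHP 7 or later.

```php
<?php
// Added example, not MediaWiki code. All names here are hypothetical.

/** Before: an ordinary comparison may return as soon as a byte differs. */
function matchTokenNaive(string $expected, string $supplied): bool {
    return $expected === $supplied;
}

/**
 * What a constant-time comparison does, written out by hand. Every byte is
 * examined and the result is decided only after the loop ends.
 */
function constantTimeEquals(string $known, string $user): bool {
    if (strlen($known) !== strlen($user)) {
        return false; // token length is fixed and public, so this leaks nothing
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        // Accumulate differences with OR; never branch on a secret byte.
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

/** After: prefer the built-in hash_equals(), fall back to the loop above. */
function matchTokenSafe(string $expected, string $supplied): bool {
    if ($expected === '') {
        return false; // an unset token must never match anything
    }
    return function_exists('hash_equals')
        ? hash_equals($expected, $supplied)
        : constantTimeEquals($expected, $supplied);
}

// Constructed sample token, standing in for a per-session edit token.
$sessionToken = bin2hex(random_bytes(16));
var_dump(matchTokenSafe($sessionToken, $sessionToken));
var_dump(matchTokenSafe($sessionToken, str_repeat('0', 32)));
var_dump(matchTokenSafe('', ''));
```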

References
==========
https://seclists.org/oss-sec/2015/q4/573
https://phabricator.wikimedia.org/T97897
https://phabricator.wikimedia.org/T109724
https://phabricator.wikimedia.org/T115522
https://phabricator.wikimedia.org/T117899
https://phabricator.wikimedia.org/T118032
https://phabricator.wikimedia.org/T119309
https://access.redhat.com/security/cve/CVE-2015-8622
https://access.redhat.com/security/cve/CVE-2015-8624
https://access.redhat.com/security/cve/CVE-2015-8625
https://access.redhat.com/security/cve/CVE-2015-8626
https://access.redhat.com/security/cve/CVE-2015-8627
https://access.redhat.com/security/cve/CVE-2015-8628
