ArchLinux: 201512-15: mediawiki: multiple issues
Summary
- CVE-2015-8622:
(T117899) XSS from wikitext when $wgArticlePath='$1'. Internal review
discovered an XSS vector when MediaWiki is configured with a
non-standard configuration.
- CVE-2015-8624:
(T119309) User::matchEditToken should use constant-time string
comparison. Internal review discovered that tokens were being compared
as strings, which could allow a timing attack.
- CVE-2015-8625:
(T118032) Error thrown by VirtualRESTService when POST variable starts
with '@'. Internal review discovered that MediaWiki was not sanitizing
parameters passed to the curl library, which could cause curl to upload
files from the webserver to an attacker.
- CVE-2015-8626:
(T115522) Passwords generated by User::randomPassword() may be shorter
than $wgMinimalPasswordLength. MediaWiki user Frank R. Farmer reported
that the password reset token could be shorter than the minimum required
password length.
- CVE-2015-8627:
(T97897) Incorrect parsing of IPs for global block. Wikimedia steward
Vituzzu reported that blocking IP addresses with zero-padded octets
resulted in a failure to block the IP address.
- CVE-2015-8628:
(T109724) A combination of Special:MyPage redirects and pagecounts
allows an external site to learn the Wikipedia login of a user.
Wikimedia user Xavier Combelle reported a way to identify a user when
detailed page view data is also released.
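The zero-padded block failure in CVE-2015-8627 can be reproduced in miniature. The following is an added illustration, not MediaWiki code: `canonical_ipv4` and `BlockList` are hypothetical names, and it assumes the flawed path compares the stored block text with the client address verbatim and that padded octets are meant as decimal.

```python
# Added illustration: not MediaWiki code. All names here are hypothetical.

def canonical_ipv4(text):
    """Return the dotted quad with leading zeros stripped, or None if invalid.

    Assumption: octets are decimal, so "010" means 10 (not octal 8).
    """
    parts = text.strip().split(".")
    if len(parts) != 4:
        return None
    octets = []
    for part in parts:
        # Reject empty, signed, non-ASCII-digit or overlong octets.
        if not (1 <= len(part) <= 3) or not part.isascii() or not part.isdigit():
            return None
        value = int(part, 10)
        if value > 255:
            return None
        octets.append(str(value))
    return ".".join(octets)


class BlockList:
    """Toy block list that keeps both the typed and the canonical form."""

    def __init__(self):
        self._raw = set()        # entries exactly as typed (the flawed store)
        self._canonical = set()  # entries after normalisation

    def add(self, entry):
        canon = canonical_ipv4(entry)
        if canon is None:
            raise ValueError(f"not an IPv4 address: {entry!r}")
        self._raw.add(entry)
        self._canonical.add(canon)

    def is_blocked_naive(self, client_ip):
        # Flawed: compares the stored text with the client address verbatim.
        return client_ip in self._raw

    def is_blocked(self, client_ip):
        # Hardened: both sides are reduced to one canonical form first.
        canon = canonical_ipv4(client_ip)
        return canon is not None and canon in self._canonical


# Constructed sample input: a block entered with zero-padded octets.
blocks = BlockList()
blocks.add("010.001.002.003")
print(blocks.is_blocked_naive("10.1.2.3"))  # the block silently misses
print(blocks.is_blocked("10.1.2.3"))        # the block applies
```

Normalising at both write time and lookup time means the check does not depend on how the address was typed.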
Resolution
Upgrade to 1.26.2-1.
# pacman -Syu "mediawiki>=1.26.2-1"
The problem has been fixed upstream in version 1.26.1.
References
https://seclists.org/oss-sec/2015/q4/573
https://phabricator.wikimedia.org/T97897
https://phabricator.wikimedia.org/T109724
https://phabricator.wikimedia.org/T115522
https://phabricator.wikimedia.org/T117899
https://phabricator.wikimedia.org/T118032
https://phabricator.wikimedia.org/T119309
https://access.redhat.com/security/cve/CVE-2015-8622
https://access.redhat.com/security/cve/CVE-2015-8624
https://access.redhat.com/security/cve/CVE-2015-8625
https://access.redhat.com/security/cve/CVE-2015-8626
https://access.redhat.com/security/cve/CVE-2015-8627
https://access.redhat.com/security/cve/CVE-2015-8628
Workaround
None.