Arch Linux Security Advisory ASA-201711-20
==========================================
Severity: High
Date    : 2017-11-15
CVE-ID  : CVE-2017-0361 CVE-2017-8808 CVE-2017-8809 CVE-2017-8810
          CVE-2017-8811 CVE-2017-8812 CVE-2017-8814 CVE-2017-8815
Package : mediawiki
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-490

Summary
=======
The package mediawiki before version 1.29.2-1 is vulnerable to multiple
issues including cross-site scripting, information disclosure, url
request injection and insufficient validation.

Resolution
==========
Upgrade to 1.29.2-1.

# pacman -Syu "mediawiki>=1.29.2-1"

The problems have been fixed upstream in version 1.29.2.

Workaround
==========
None.

Description
===========
- CVE-2017-0361 (information disclosure)

MediaWiki before 1.29.2 may leak passwords in plaintext. API parameters
may now be marked as "sensitive" to keep their values out of the logs.

- CVE-2017-8808 (cross-site scripting)

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2
has XSS when the $wgShowExceptionDetails setting is false and the
browser sends non-standard URL escaping.

- CVE-2017-8809 (url request injection)

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x
before 1.29.2 has a Reflected File Download vulnerability.

- CVE-2017-8810 (information disclosure)

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before
1.29.2, when a private wiki is configured, provides different error
messages for failed login attempts depending on whether the username
exists, which allows remote attackers to enumerate account names and
conduct brute-force attacks via a series of requests.

- CVE-2017-8811 (cross-site scripting)

The implementation of raw message parameter expansion in MediaWiki
before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows
HTML mangling attacks.

- CVE-2017-8812 (insufficient validation)

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2
allows remote attackers to inject > (greater than) characters via the
id attribute of a headline.

- CVE-2017-8814 (cross-site scripting)

The language converter in MediaWiki before 1.27.4, 1.28.x before
1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text
inside tags via a rule definition followed by "a lot of junk."

- CVE-2017-8815 (cross-site scripting)

The language converter in MediaWiki before 1.27.4, 1.28.x before
1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via
glossary rules.
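
The version ranges listed above can be checked mechanically when triaging several wikis. The following is an added example, not part of the advisory or of MediaWiki: the function names are hypothetical, the pre-release suffix format ("-rc.0") is an assumption, and CVE-2017-0361 is evaluated against the single bound the advisory gives for it ("before 1.29.2").

```python
import re

# Fixed releases per branch, transcribed from the advisory's Description.
BRANCH_FIXES = {(1, 28): (1, 28, 3), (1, 29): (1, 29, 2)}
OLDEST_FIX = (1, 27, 4)        # "before 1.27.4" covers 1.27.x and older
SINGLE_BOUND_FIX = (1, 29, 2)  # CVE-2017-0361 is listed only as "before 1.29.2"

BRANCHED_CVES = ["CVE-2017-8808", "CVE-2017-8809", "CVE-2017-8810",
                 "CVE-2017-8811", "CVE-2017-8812", "CVE-2017-8814",
                 "CVE-2017-8815"]

_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-(?P<pre>rc|alpha|beta)[.\w]*|-\d+)?$")


def parse_version(text):
    """Return (major, minor, patch, rank); rank 0 = pre-release, 1 = release.

    Accepts upstream versions ("1.29.1"), pre-releases ("1.29.2-rc.0") and
    Arch package versions with a pkgrel suffix ("1.29.2-1").
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MediaWiki version: {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return (major, minor, patch, 0 if m.group("pre") else 1)


def affected_cves(version_text):
    """List the advisory's CVEs that apply to the given version."""
    v = parse_version(version_text)
    hits = []
    if v < SINGLE_BOUND_FIX + (1,):
        hits.append("CVE-2017-0361")
    branch = v[:2]
    if branch in BRANCH_FIXES:
        vulnerable = v < BRANCH_FIXES[branch] + (1,)
    elif branch < (1, 28):
        vulnerable = v < OLDEST_FIX + (1,)
    else:
        vulnerable = False  # newer branches are outside the stated ranges
    if vulnerable:
        hits.extend(BRANCHED_CVES)
    return hits


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real host.
    for sample in ("1.27.3", "1.28.3", "1.29.1", "1.29.2-rc.0", "1.29.2-1"):
        print(sample, len(affected_cves(sample)), "CVE(s)")
```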

Impact
======
A remote attacker is able to perform a cross-site scripting attack by
injecting JavaScript into the site, disclose information or perform a
reflected file download attack.

References
==========
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/EIECM2E7PQ2VN3O4DSZBCE6K7HDW7AJC/
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/Y4UEZTRQGDZHPBONCTDVL3C7MU7UVENO/
https://phabricator.wikimedia.org/T125177
https://phabricator.wikimedia.org/T180488
https://github.com/wikimedia/mediawiki/commit/8b0220e81ba462d21d8e1facbe6aed047f7418a2
https://github.com/wikimedia/mediawiki/commit/59ce3456a8007d76875fe8fb21eff4a90b214034
https://phabricator.wikimedia.org/T178451
https://github.com/wikimedia/mediawiki/commit/1713ddeff12b263fb7634796dc029d3fe26ade41
https://phabricator.wikimedia.org/T128209
https://github.com/wikimedia/mediawiki/commit/9bf2c01ea238d0e71c56bad7341c89345855bd5d
https://phabricator.wikimedia.org/T134100
https://github.com/wikimedia/mediawiki/commit/e7ea90509c73c60b665b8f63e3bb95b1adfec78c
https://phabricator.wikimedia.org/T176247
https://github.com/wikimedia/mediawiki/commit/410c00a9ae92411d3d1568e84c4aa2579a577635
https://phabricator.wikimedia.org/T125163
https://github.com/wikimedia/mediawiki/commit/31041e4557c2f4b96ef0a16e44bf6be5566a9ffb
https://phabricator.wikimedia.org/T124404
https://github.com/wikimedia/mediawiki/commit/fbe78cfa094645b907d0fd2885c5797321f794eb
https://phabricator.wikimedia.org/T119158
https://github.com/wikimedia/mediawiki/commit/f21f3942eb10d7e688eb25261ac3a9478268cbd3
https://security.archlinux.org/CVE-2017-0361
https://security.archlinux.org/CVE-2017-8808
https://security.archlinux.org/CVE-2017-8809
https://security.archlinux.org/CVE-2017-8810
https://security.archlinux.org/CVE-2017-8811
https://security.archlinux.org/CVE-2017-8812
https://security.archlinux.org/CVE-2017-8814
https://security.archlinux.org/CVE-2017-8815
