
Fedora 22: MediaWiki Critical Security Advisory on XSS Threat

January 8, 2016
Fedora 22 MediaWiki revision tackles vulnerabilities, bolstering protection against XSS and various other concerns.

Summary

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers.

This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration.

Update Information:

Changes since 1.26.1

* (bug T121892) Various special pages resulted in fatal errors.

Changes since 1.26.0

* (bug T117899) SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an error
* (bug T119309) SECURITY: Use hash_compare() for edit token comparison
* (bug T118032) SECURITY: Don't allow cURL to interpret POST parameters starting with '@' as file uploads
* (bug T115522) SECURITY: Passwords generated by User::randomPassword() can no longer be shorter than $wgMinimalPasswordLength
* (bug T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could result in improper blocks being issued
* (bug T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions and related pages no longer use HTTP redirects and are now redirected by MediaWiki
* Fixed ConfigExceptio...
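The $wgArticlePath rule from the T117899 entry can be checked across a wiki farm before updating, so that instances which will start throwing the new error are found in advance. The script below is an added example, not code from MediaWiki or the Fedora package; the function names, the sample settings, and the treatment of full http(s) URLs as acceptable are assumptions.

```python
import re

# Literal assignments only, e.g.  $wgArticlePath = "/wiki/$1";
# Lines commented out with # or // do not match; /* */ blocks are not handled.
ASSIGN_RE = re.compile(
    r"""^\s*\$wgArticlePath\s*=\s*(?P<q>['"])(?P<val>.*?)(?P=q)\s*;""",
    re.MULTILINE,
)

def classify_article_path(value):
    """Apply the rule from the T117899 entry to one configured value."""
    if value == "" or value.startswith("/"):
        return "ok"        # "" and "/wiki/$1" are listed as fine
    if re.match(r"https?://", value, re.IGNORECASE):
        return "ok"        # assumption: a full URL is not a relative path
    return "unsafe"        # "$1", "wiki/$1": relative, no leading slash

def audit_settings(text):
    """Return (line, value, verdict) for every literal assignment in text."""
    findings = []
    for m in ASSIGN_RE.finditer(text):
        line = text.count("\n", 0, m.start("val")) + 1
        findings.append((line, m.group("val"), classify_article_path(m.group("val"))))
    return findings

def effective_verdict(text):
    """PHP keeps the last assignment; None means the file never sets it."""
    findings = audit_settings(text)
    return findings[-1][2] if findings else None

# Constructed sample settings for four hypothetical wiki farm instances.
SAMPLE_FARM = {
    "wiki-a": '<?php\n$wgScriptPath = "/w";\n$wgArticlePath = "/wiki/$1";\n',
    "wiki-b": '<?php\n// $wgArticlePath = "/wiki/$1";\n$wgArticlePath = "wiki/$1";\n',
    "wiki-c": "<?php\n$wgArticlePath = '$1';\n$wgArticlePath = '';\n",
    "wiki-d": '<?php\n$wgSitename = "Test";\n',
}

if __name__ == "__main__":
    for name, text in sorted(SAMPLE_FARM.items()):
        for line, value, verdict in audit_settings(text):
            print(f"{name}: line {line}: $wgArticlePath = {value!r} -> {verdict}")
        print(f"{name}: effective = {effective_verdict(text)}")
```

Values built by concatenation or from other variables are not matched by the pattern and need a manual look.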

Change Log

References


[ 1 ] Bug #1293847 - mediawiki: multiple flaws fixed in 1.26.1, 1.25.4, 1.24.5, and 1.23.12 https://bugzilla.redhat.com/show_bug.cgi?id=1293847

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update mediawiki' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity: critical

Name: mediawiki
Product: Fedora 22
Version: 1.26.2
Release: 1.fc22
Summary: A wiki engine
