- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201510-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: MediaWiki: Multiple vulnerabilities
     Date: October 31, 2015
     Bugs: #545944, #557844
       ID: 201510-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in MediaWiki, the worst of
which may allow remote attackers to cause a Denial of Service.

Background
=========
MediaWiki is a collaborative editing software used by large projects
such as Wikipedia.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-apps/mediawiki           < 1.25.2                  >= 1.25.2
                                                           *>= 1.24.3
                                                          *>= 1.23.10

Description
==========
Multiple vulnerabilities have been discovered in MediaWiki. Please
review the CVE identifiers referenced below for details.

Impact
=====
A remote attacker may be able to create a Denial of Service condition,
obtain sensitive information, bypass security restrictions, and inject
arbitrary web script or HTML.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All MediaWiki 1.25 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.25.2"

All MediaWiki 1.24 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.24.3"

All MediaWiki 1.23 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.10"

References
=========
[  1 ] CVE-2015-2931
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2931
[  2 ] CVE-2015-2932
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2932
[  3 ] CVE-2015-2933
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2933
[  4 ] CVE-2015-2934
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2934
[  5 ] CVE-2015-2935
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2935
[  6 ] CVE-2015-2936
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2936
[  7 ] CVE-2015-2937
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2937
[  8 ] CVE-2015-2938
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2938
[  9 ] CVE-2015-2939
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2939
[ 10 ] CVE-2015-2940
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2940
[ 11 ] CVE-2015-2941
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2941
[ 12 ] CVE-2015-2942
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2942
[ 13 ] CVE-2015-6728
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6728
[ 14 ] CVE-2015-6729
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6729
[ 15 ] CVE-2015-6730
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6730
[ 16 ] CVE-2015-6731
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6731
[ 17 ] CVE-2015-6732
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6732
[ 18 ] CVE-2015-6733
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6733
[ 19 ] CVE-2015-6734
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6734
[ 20 ] CVE-2015-6735
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6735
[ 21 ] CVE-2015-6736
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6736
[ 22 ] CVE-2015-6737
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6737

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201510-05

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201510-05: MediaWiki: Multiple vulnerabilities

Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to cause a Denial of Service.

Summary

Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.

Resolution

All MediaWiki 1.25 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.25.2"
All MediaWiki 1.24 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.24.3"
All MediaWiki 1.23 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.10"

References

[ 1 ] CVE-2015-2931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2931 [ 2 ] CVE-2015-2932 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2932 [ 3 ] CVE-2015-2933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2933 [ 4 ] CVE-2015-2934 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2934 [ 5 ] CVE-2015-2935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2935 [ 6 ] CVE-2015-2936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2936 [ 7 ] CVE-2015-2937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2937 [ 8 ] CVE-2015-2938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2938 [ 9 ] CVE-2015-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2939 [ 10 ] CVE-2015-2940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2940 [ 11 ] CVE-2015-2941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2941 [ 12 ] CVE-2015-2942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2942 [ 13 ] CVE-2015-6728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6728 [ 14 ] CVE-2015-6729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6729 [ 15 ] CVE-2015-6730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6730 [ 16 ] CVE-2015-6731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6731 [ 17 ] CVE-2015-6732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6732 [ 18 ] CVE-2015-6733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6733 [ 19 ] CVE-2015-6734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6734 [ 20 ] CVE-2015-6735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6735 [ 21 ] CVE-2015-6736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6736 [ 22 ] CVE-2015-6737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6737

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201510-05

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: MediaWiki: Multiple vulnerabilities
Date: October 31, 2015
Bugs: #545944, #557844
ID: 201510-05

Synopsis

Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to cause a Denial of Service.

Background

MediaWiki is a collaborative editing software used by large projects such as Wikipedia.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mediawiki < 1.25.2 >= 1.25.2 *>= 1.24.3 *>= 1.23.10

Impact

===== A remote attacker may be able to create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML.

Workaround

There is no known workaround at this time.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved