[GLSA-201502-04] MediaWiki: Multiple vulnerabilities

Severity High
Affected Packages 1
Unaffected Packages 3
CVEs 27

Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to execute arbitrary code.

Background
MediaWiki is collaborative editing software used by large projects
such as Wikipedia.

Description
Multiple vulnerabilities have been discovered in MediaWiki. Please
review the CVE identifiers and MediaWiki announcement referenced below
for details.

Impact
A remote attacker may be able to execute arbitrary code with the
privileges of the process, create a Denial of Service condition, obtain
sensitive information, bypass security restrictions, and inject arbitrary
web script or HTML.

Workaround
There is no known workaround at this time.

Resolution
All MediaWiki 1.23 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.8"

All MediaWiki 1.22 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.22.15"

All MediaWiki 1.19 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.23"
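Before or after running the commands above it is useful to check which side of this advisory's range table an installed version falls on, since 1.22.15 and 1.19.23 are considered unaffected even though they are below 1.23.8. The following POSIX sh snippet is an added example and is not part of the GLSA or of Gentoo's tooling; it assumes plain dotted numeric versions, optionally with a Gentoo `-rN` revision suffix, and the helper names `ver_ge`, `glsa_201502_04_status` and `installed_mediawiki_version` are this example's own.

```shell
#!/bin/sh
# Added example, not part of GLSA-201502-04: check a www-apps/mediawiki
# version string against this advisory's affected/unaffected ranges.
# Assumes plain dotted numeric versions (e.g. 1.23.8), optionally with a
# Gentoo -rN revision suffix; all function names are this example's own.

# ver_ge A B: succeed when dotted version A >= B, compared component-wise
# as integers (missing trailing components count as 0, so 1.23 == 1.23.0).
ver_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca=${va%%.*}; cb=${vb%%.*}
        ca=${ca:-0};  cb=${cb:-0}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        [ "$ca" -gt "$cb" ] && return 0
        [ "$ca" -lt "$cb" ] && return 1
    done
    return 0
}

# glsa_201502_04_status VERSION: print "unaffected" or "affected".
# GLSA semantics: a version inside any unaffected range is fine even though
# it is below 1.23.8 (1.22.15 and 1.19.23 carry backported fixes); anything
# else below 1.23.8 is affected, e.g. a 1.21.x install that has no fixed
# branch release listed in this advisory.
glsa_201502_04_status() {
    v=${1%-r*}                       # a -rN revision never changes the outcome
    for fixed in 1.23.8 1.22.15 1.19.23; do
        branch=${fixed%.*}           # 1.23, 1.22, 1.19
        case $v in
            "$branch".*)
                if ver_ge "$v" "$fixed"; then echo unaffected; else echo affected; fi
                return 0 ;;
        esac
    done
    if ver_ge "$v" 1.23.8; then echo unaffected; else echo affected; fi
}

# installed_mediawiki_version: read the installed version from Portage's
# installed-package database (/var/db/pkg); fail when nothing is installed.
installed_mediawiki_version() {
    for d in /var/db/pkg/www-apps/mediawiki-*; do
        [ -d "$d" ] || return 1
        echo "${d##*/mediawiki-}"
        return 0
    done
}

if mw=$(installed_mediawiki_version); then
    echo "www-apps/mediawiki-$mw: $(glsa_201502_04_status "$mw")"
else
    echo "www-apps/mediawiki: not installed"
fi
```

Run it on the host before the `emerge` step to confirm the branch you are on, and again afterwards to confirm the installed version now reports `unaffected`.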

Package                                      Affected Version
pkg:ebuild/www-apps/mediawiki?distro=gentoo  < 1.23.8
Source    ID                 URL
CVE       CVE-2013-6451      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6451
CVE       CVE-2013-6452      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6452
CVE       CVE-2013-6453      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6453
CVE       CVE-2013-6454      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6454
CVE       CVE-2013-6472      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6472
CVE       CVE-2014-1610      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1610
CVE       CVE-2014-2242      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2242
CVE       CVE-2014-2243      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2243
CVE       CVE-2014-2244      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2244
CVE       CVE-2014-2665      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2665
CVE       CVE-2014-2853      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2853
CVE       CVE-2014-5241      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5241
CVE       CVE-2014-5242      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5242
CVE       CVE-2014-5243      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5243
CVE       CVE-2014-7199      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7199
CVE       CVE-2014-7295      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7295
CVE       CVE-2014-9276      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9276
CVE       CVE-2014-9277      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9277
CVE       CVE-2014-9475      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9475
CVE       CVE-2014-9476      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9476
CVE       CVE-2014-9477      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9477
CVE       CVE-2014-9478      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9478
CVE       CVE-2014-9479      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9479
CVE       CVE-2014-9480      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9480
CVE       CVE-2014-9481      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9481
CVE       CVE-2014-9487      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9487
CVE       CVE-2014-9507      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9507
Vendor    MediaWiki Security and Maintenance Releases: 1.19.17, 1.21.11, 1.22.8 and 1.23.1
          https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000155.html
Bugzilla  #498064            https://bugs.gentoo.org/show_bug.cgi?id=498064
Bugzilla  #499632            https://bugs.gentoo.org/show_bug.cgi?id=499632
Bugzilla  #503012            https://bugs.gentoo.org/show_bug.cgi?id=503012
Bugzilla  #506018            https://bugs.gentoo.org/show_bug.cgi?id=506018
Bugzilla  #515138            https://bugs.gentoo.org/show_bug.cgi?id=515138
Bugzilla  #518608            https://bugs.gentoo.org/show_bug.cgi?id=518608
Bugzilla  #523852            https://bugs.gentoo.org/show_bug.cgi?id=523852
Bugzilla  #524364            https://bugs.gentoo.org/show_bug.cgi?id=524364
Bugzilla  #532920            https://bugs.gentoo.org/show_bug.cgi?id=532920
Type        Package URL                                  Namespace  Name       Version     Distribution
Affected    pkg:ebuild/www-apps/mediawiki?distro=gentoo  www-apps   mediawiki  < 1.23.8    gentoo
Unaffected  pkg:ebuild/www-apps/mediawiki?distro=gentoo  www-apps   mediawiki  >= 1.23.8   gentoo
Unaffected  pkg:ebuild/www-apps/mediawiki?distro=gentoo  www-apps   mediawiki  >= 1.22.15  gentoo
Unaffected  pkg:ebuild/www-apps/mediawiki?distro=gentoo  www-apps   mediawiki  >= 1.19.23  gentoo