MediaWiki: Multiple vulnerabilities — GLSA 201310-21

Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service.

Affected Packages

www-apps/mediawiki on all architectures
Affected versions < 1.21.2
Unaffected versions >= 1.21.2, revision >= 1.20.7, revision >= 1.19.8

Background

The MediaWiki wiki web application as used on wikipedia.org.

Description

Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to execute arbitrary code, perform man-in-the-middle attacks, obtain sensitive information or perform cross-site scripting attacks.

Workaround

There is no known workaround at this time.

Resolution

All MediaWiki 1.21.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.21.2"
 

All MediaWiki 1.20.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.20.7"
 

All MediaWiki 1.19.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.8"
 

References

Release Date
October 28, 2013

Latest Revision
October 28, 2013: 1

Severity
normal

Exploitable
remote

Bugzilla entries