Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

MediaWiki: Multiple vulnerabilities — GLSA 201310-21

Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service.

Affected packages

Package www-apps/mediawiki on all architectures
Affected versions < 1.21.2
Unaffected versions >= 1.21.2
revision >= 1.20.7
revision >= 1.19.8

Background

The MediaWiki wiki web application as used on wikipedia.org.

Description

Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to execute arbitrary code, perform man-in-the-middle attacks, obtain sensitive information or perform cross-site scripting attacks.

Workaround

There is no known workaround at this time.

Resolution

All MediaWiki 1.21.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.21.2"

All MediaWiki 1.20.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.20.7"

All MediaWiki 1.19.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.8"

References

Release date
October 28, 2013

Latest revision
October 28, 2013: 1

Severity
normal

Exploitable
remote

Bugzilla entries