Lucene search

K
mageiaGentoo FoundationMGASA-2017-0429
HistoryNov 29, 2017 - 9:52 p.m.

Updated mediawiki packages fix security vulnerabilities

2017-11-2921:52:42
Gentoo Foundation
advisories.mageia.org
48

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping (CVE-2017-8808). Reflected File Download from api.php (CVE-2017-8809). On private wikis, login form shouldn’t distinguish between login failure due to bad username and bad password (CVE-2017-8810). It’s possible to mangle HTML via raw message parameter expansion (CVE-2017-8811). The id attribute on headlines allow raw > (CVE-2017-8812). Language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition (CVE-2017-8814). Language converter: unsafe attribute injection via glossary rules (CVE-2017-8815). composer.json has require-dev versions of PHPUnit with known security issues (CVE-2017-9841). Note that MediaWiki 1.23.x on Mageia 5 is no longer supported. Those using the mediawiki package on Mageia 5 should upgrade to Mageia 6.

OSVersionArchitecturePackageVersionFilename
Mageia6noarchmediawiki<Β 1.27.4-1mediawiki-1.27.4-1.mga6

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%