Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0421)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.131120

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2015-0421)

Zusammenfassung: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2015-0421 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2015-0421 advisory.

Vulnerability Insight:
Updated mediawiki packages fix security vulnerabilities:

In MediaWiki before 1.23.11, the API failed to correctly stop adding new
chunks to the upload when the reported size was exceeded, allowing a
malicious user to upload add an infinite number of chunks for a single file
upload (CVE-2015-8001).

In MediaWiki before 1.23.11, a malicious user could upload chunks of 1 byte
for very large files, potentially creating a very large number of files on
the server's filesystem (CVE-2015-8002).

In MediaWiki before 1.23.11, it is not possible to throttle file uploads,
or in other words, rate limit them (CVE-2015-8003).

In MediaWiki before 1.23.11, a missing authorization check when removing
suppression from a revision allowed users with the 'viewsuppressed' user
right but not the appropriate 'suppressrevision' user right to unsuppress
revisions (CVE-2015-8004).

In MediaWiki before 1.23.11, thumbnails of PNG files generated with
ImageMagick contained the local file path in the image (CVE-2015-8005).

Affected Software/OS:
'mediawiki' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-8001
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
http://www.securitytracker.com/id/1034028
Common Vulnerability Exposure (CVE) ID: CVE-2015-8002
Common Vulnerability Exposure (CVE) ID: CVE-2015-8003
Common Vulnerability Exposure (CVE) ID: CVE-2015-8004
Common Vulnerability Exposure (CVE) ID: CVE-2015-8005

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.131120
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0421)
Zusammenfassung:	The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2015-0421 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2015-0421 advisory. Vulnerability Insight: Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to upload add an infinite number of chunks for a single file upload (CVE-2015-8001). In MediaWiki before 1.23.11, a malicious user could upload chunks of 1 byte for very large files, potentially creating a very large number of files on the server's filesystem (CVE-2015-8002). In MediaWiki before 1.23.11, it is not possible to throttle file uploads, or in other words, rate limit them (CVE-2015-8003). In MediaWiki before 1.23.11, a missing authorization check when removing suppression from a revision allowed users with the 'viewsuppressed' user right but not the appropriate 'suppressrevision' user right to unsuppress revisions (CVE-2015-8004). In MediaWiki before 1.23.11, thumbnails of PNG files generated with ImageMagick contained the local file path in the image (CVE-2015-8005). Affected Software/OS: 'mediawiki' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8001 https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html http://www.securitytracker.com/id/1034028 Common Vulnerability Exposure (CVE) ID: CVE-2015-8002 Common Vulnerability Exposure (CVE) ID: CVE-2015-8003 Common Vulnerability Exposure (CVE) ID: CVE-2015-8004 Common Vulnerability Exposure (CVE) ID: CVE-2015-8005
Copyright	Copyright (C) 2015 Greenbone AG