
Test ID: 1.3.6.1.4.1.25623.1.0.131120
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2015-0421)
Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2015-0421 advisory.
Description:
Summary:
The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2015-0421 advisory.

Vulnerability Insight:
Updated mediawiki packages fix security vulnerabilities:

In MediaWiki before 1.23.11, the API failed to correctly stop adding new
chunks to the upload when the reported size was exceeded, allowing a
malicious user to upload an infinite number of chunks for a single file
upload (CVE-2015-8001).

In MediaWiki before 1.23.11, a malicious user could upload chunks of 1 byte
for very large files, potentially creating a very large number of files on
the server's filesystem (CVE-2015-8002).

In MediaWiki before 1.23.11, it is not possible to throttle file uploads,
or in other words, rate limit them (CVE-2015-8003).

In MediaWiki before 1.23.11, a missing authorization check when removing
suppression from a revision allowed users with the 'viewsuppressed' user
right but not the appropriate 'suppressrevision' user right to unsuppress
revisions (CVE-2015-8004).

In MediaWiki before 1.23.11, thumbnails of PNG files generated with
ImageMagick contained the local file path in the image (CVE-2015-8005).

Affected Software/OS:
'mediawiki' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-8001
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
http://www.securitytracker.com/id/1034028
Common Vulnerability Exposure (CVE) ID: CVE-2015-8002
Common Vulnerability Exposure (CVE) ID: CVE-2015-8003
Common Vulnerability Exposure (CVE) ID: CVE-2015-8004
Common Vulnerability Exposure (CVE) ID: CVE-2015-8005
Copyright: Copyright (C) 2015 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.