English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69529
Category:Fedora Local Security Checks
Title:Fedora Core 15 FEDORA-2011-5848 (mediawiki)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to mediawiki
announced via advisory FEDORA-2011-5848.

Update Information:

This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community.

Further changes:
* some simple wiki management functionality was added:
* mw-createinstance creates a wiki instance under
, which is autoupgraded upon package updates.
* any wiki path entered in /etc/mediawiki/instances will be
autoupgraded upon package updates.
* /var/www/wiki is entered into this list automatically, but
you can remove it if you don't want this instance to be
autoupgraded.
* opensearch and suggestions are enabled by default
* several bug fixes (see changelog).

References:

[ 1 ] Bug #697434 - texvc binary missing and deal link in package mediawiki-math-1.16.2-56.fc14.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=697434
[ 2 ] Bug #614065 - mediawiki opensearch_desc.php has bad path
https://bugzilla.redhat.com/show_bug.cgi?id=614065
[ 3 ] Bug #644325 - /etc/httpd/conf.d/mediawiki.conf has execute permission
https://bugzilla.redhat.com/show_bug.cgi?id=644325
[ 4 ] Bug #682281 - Mediawiki uses the reserved word Namespace introduced in latest release of PHP
https://bugzilla.redhat.com/show_bug.cgi?id=682281
[ 5 ] Bug #662402 - Cannot enable math display for mediawiki
https://bugzilla.redhat.com/show_bug.cgi?id=662402
[ 6 ] Bug #674456 - CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=674456
[ 7 ] Bug #667201 - CVE-2011-0003 mediawiki: clickjacking vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=667201
[ 8 ] Bug #620226 - CVE-2010-2787 CVE-2010-2788 mediawiki various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=620226
[ 9 ] Bug #696361 - CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 mediawiki: multiple vulnerabilities fixed in 1.16.3 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=696361

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update mediawiki' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-5848

Risk factor : High

CVSS Score:
5.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0047
BugTraq ID: 46108
http://www.securityfocus.com/bid/46108
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
http://osvdb.org/70770
http://secunia.com/advisories/43142
http://www.vupen.com/english/advisories/2011/0273
XForce ISS Database: mediawiki-css-comments-xss(65126)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65126
Common Vulnerability Exposure (CVE) ID: CVE-2011-0003
42810
http://secunia.com/advisories/42810
70272
http://www.osvdb.org/70272
ADV-2011-0017
http://www.vupen.com/english/advisories/2011/0017
FEDORA-2011-5807
FEDORA-2011-5812
FEDORA-2011-5848
[MediaWiki-announce] 20110104 MediaWiki security release 1.16.1
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html
[oss-security] 20110104 (possible) CVE request: Clickjacking in Mediawiki
http://www.openwall.com/lists/oss-security/2011/01/04/6
[oss-security] 20110104 Re: (possible) CVE request: Clickjacking in Mediawiki
http://www.openwall.com/lists/oss-security/2011/01/04/12
https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
mediawiki-frames-clickjacking(64476)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64476
Common Vulnerability Exposure (CVE) ID: CVE-2010-2787
42019
http://www.securityfocus.com/bid/42019
FEDORA-2011-5495
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html
[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
[oss-security] 20100729 Re: CVE request: mediawiki
http://openwall.com/lists/oss-security/2010/07/29/4
http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776
https://bugzilla.redhat.com/show_bug.cgi?id=620224
https://bugzilla.redhat.com/show_bug.cgi?id=620226
https://bugzilla.wikimedia.org/show_bug.cgi?id=24565
Common Vulnerability Exposure (CVE) ID: CVE-2010-2788
42024
http://www.securityfocus.com/bid/42024
http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952
http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984
https://bugzilla.redhat.com/show_bug.cgi?id=620225
Common Vulnerability Exposure (CVE) ID: CVE-2011-1578
44142
http://secunia.com/advisories/44142
47354
http://www.securityfocus.com/bid/47354
ADV-2011-0978
http://www.vupen.com/english/advisories/2011/0978
ADV-2011-1100
http://www.vupen.com/english/advisories/2011/1100
ADV-2011-1151
http://www.vupen.com/english/advisories/2011/1151
DSA-2366
http://www.debian.org/security/2011/dsa-2366
[mediawiki-announce] 20110412 MediaWiki security release 1.16.3
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html
[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3
http://openwall.com/lists/oss-security/2011/04/13/15
https://bugzilla.redhat.com/show_bug.cgi?id=695577
https://bugzilla.redhat.com/show_bug.cgi?id=696360
https://bugzilla.wikimedia.org/show_bug.cgi?id=28235
mediawiki-file-extensions-xss(66737)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66737
Common Vulnerability Exposure (CVE) ID: CVE-2011-1579
http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856
https://bugzilla.wikimedia.org/show_bug.cgi?id=28450
mediawiki-css-data-xss(66738)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66738
Common Vulnerability Exposure (CVE) ID: CVE-2011-1580
https://bugzilla.wikimedia.org/show_bug.cgi?id=28449
mediawiki-transwiki-sec-bypass(66739)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66739
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.