MediaWiki: Multiple vulnerabilities Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to execute arbitrary code. mediawiki 2015-02-07 2015-02-07 498064 499632 503012 506018 515138 518608 523852 524364 532920 remote 1.23.8 1.22.15 1.19.23 1.23.8

MediaWiki is a collaborative editing software used by large projects such as Wikipedia.

Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers and MediaWiki announcement referenced below for details.

A remote attacker may be able to execute arbitrary code with the privileges of the process, create a Denial of Service condition, obtain sensitive information, bypass security restrictions, and inject arbitrary web script or HTML.

There is no known workaround at this time.

All MediaWiki 1.23 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.23.8"

All MediaWiki 1.22 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.22.15"

All MediaWiki 1.19 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.19.23" CVE-2013-6451 CVE-2013-6452 CVE-2013-6453 CVE-2013-6454 CVE-2013-6472 CVE-2014-1610 CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 CVE-2014-2665 CVE-2014-2853 CVE-2014-5241 CVE-2014-5242 CVE-2014-5243 CVE-2014-7199 CVE-2014-7295 CVE-2014-9276 CVE-2014-9277 CVE-2014-9475 CVE-2014-9476 CVE-2014-9477 CVE-2014-9478 CVE-2014-9479 CVE-2014-9480 CVE-2014-9481 CVE-2014-9487 CVE-2014-9507 MediaWiki Security and Maintenance Releases: 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Zlogene sdamashek