Fedora 22 : mediawiki-1.26.2-1.fc22 (2015-56543978e8)

high Nessus Plugin ID 89244

Synopsis

The remote Fedora host is missing a security update.

Description

Changes since 1.26.1 * (bug T121892) Various special pages resulted in fatal errors. Changes since 1.26.0 * (bug T117899) SECURITY:
$wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as 'http://my.wiki.com/wiki/$1' are fine, as are '/wiki/$1'. A value such as '$1' or 'wiki/$1' is not and will now throw an error * (bug T119309) SECURITY: Use hash_compare() for edit token comparison * (bug T118032) SECURITY: Don't allow cURL to interpret POST parameters starting with '@' as file uploads * (bug T115522) SECURITY: Passwords generated by User::randomPassword() can no longer be shorter than $wgMinimalPasswordLength * (bug T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could result in improper blocks being issued * (bug T109724) SECURITY:
Special:MyPage, Special:MyTalk, Special:MyContributions and related pages no longer use HTTP redirects and are now redirected by MediaWiki
* Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy. * Fixed stray literal \n in Special:Search. * Fix issue that breaks HHVM Repo Authorative mode. * (bug T120267) Work around APCu memory corruption bug

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected mediawiki package.

See Also

http://www.wiki.com/index.htm

https://bugzilla.redhat.com/show_bug.cgi?id=1293847

http://www.nessus.org/u?c3a5d38e

Plugin Details

Severity: High

ID: 89244

File Name: fedora_2015-56543978e8.nasl

Version: 2.4

Type: local

Agent: unix

Published: 3/4/2016

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mediawiki, cpe:/o:fedoraproject:fedora:22

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/7/2016

Reference Information