Bug 580418 (CVE-2010-1150)

Summary: CVE-2010-1150 MediaWiki v.1.15.3: Login CSRF
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: axel.thimm, smooge, smooge
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-09 20:01:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Lieskovsky 2010-04-08 08:45:21 UTC 
MediaWiki upstream has released:
  [1] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html

latest, v.1.15.3 version, addressing one cross-site request forgery
(CSRF) issue (from [1]):

"MediaWiki was found to be vulnerable to login CSRF. An attacker who
controls a user account on the target wiki can force the victim to log
in as the attacker, via a script on an external website. If the wiki is
configured to allow user scripts, say with "$wgAllowUserJs = true" in
LocalSettings.php, then the attacker can proceed to mount a
phishing-style attack against the victim to obtain their password."

Upstream bug report:
  [2] https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

CVE Request (and reply):
  [3] http://www.openwall.com/lists/oss-security/2010/04/07/1
  [4] http://www.openwall.com/lists/oss-security/2010/04/08/4
Comment 1 Jan Lieskovsky 2010-04-08 08:57:08 UTC 
This issue has been already addressed in current versions
of mediawiki package, as shipped with Fedora release of 11
and 12. Particular builds (mediawiki-1.15.3-53.fc11 and
mediawiki-1.15.3-53.fc12) are already present in relevant
-candidate repositories for each of the above listed releases,
and once the Fedora stabilization process completes, they 
will be pushed into -stable.

Though, the EPEL-5 repository still contains mediawiki-1.14.0-45.el5,
as the latest version. 

Stephen, would it be possible to rebase the EPEL-5 version
to latest upstream v.1.15.3 version too? (as the previous
upstream release v.1.15.2 also addressed two security flaws --
CVE-2010-1189 and CVE-2010-1190).

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Comment 2 Stephen John Smoogen 2014-06-09 20:01:16 UTC 
I apologize. This ticket should have been closed years ago as we moved to only having the Wikimedia Longterm Support in EPEL.