Bug 674455 (CVE-2011-0047, CVE-2011-0537)

Summary: CVE-2011-0047 CVE-2011-0537 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: Axel.Thimm, smooge, wnefal+redhatbugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-04 01:56:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 674456, 674457, 674458, 674459, 674460    
Bug Blocks:    

Description Vincent Danen 2011-02-01 23:33:07 UTC 
MediaWiki 1.16.2 was released today with the following fixes:

An arbitrary script inclusion vulnerability was discovered. The
vulnerability only allows execution of files with names ending in
".php" which are already present in the local filesystem. Only servers
running Microsoft Windows and possibly Novell Netware are affected.
Despite these mitigating factors, all users are advised to upgrade,
since there is a risk of complete server compromise. MediaWiki 1.8.0
and later is affected. For more details, see bug 27094:

https://bugzilla.wikimedia.org/show_bug.cgi?id=27094

Security researcher mghack discovered a CSS injection vulnerability.
For Internet Explorer and similar browsers, this is equivalent to an
XSS vulnerability, that is to say, it allows the compromise of wiki
user accounts. For other browsers, it allows private data such as IP
addresses and browsing patterns to be sent to a malicious external web
server. It affects all versions of MediaWiki. All users are advised to
upgrade. For more information, see bug 27093:

https://bugzilla.wikimedia.org/show_bug.cgi?id=27093

This vulnerability was originally reported to the Mozilla Security
Group and has been assigned CVE-2011-0047.

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES

Only 1.16.2 has been released, however the CSS injection would affect previous versions as shipped in EPEL (mediawiki114 and mediawiki115).
Comment 1 Vincent Danen 2011-02-01 23:34:31 UTC 
Created mediawiki tracking bugs for this issue

Affects: fedora-all [bug 674456]
Comment 2 Vincent Danen 2011-02-01 23:34:34 UTC 
Created mediawiki116 tracking bugs for this issue

Affects: epel-all [bug 674457]
Comment 3 Vincent Danen 2011-02-01 23:34:37 UTC 
Created mediawiki114 tracking bugs for this issue

Affects: epel-4 [bug 674459]
Affects: epel-5 [bug 674460]
Comment 4 Vincent Danen 2011-02-01 23:34:39 UTC 
Created mediawiki115 tracking bugs for this issue

Affects: epel-all [bug 674458]
Comment 5 Vincent Danen 2011-02-03 18:04:02 UTC 
The first issue (arbitrary script inclusion vulnerability) has been assigned CVE-2011-0537.