FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- multiple vulnerabilities

Affected packages
mediawiki123 < 1.23.11
mediawiki124 < 1.24.4
mediawiki125 < 1.25.3

Details

VuXML ID b973a763-7936-11e5-a2a1-002590263bf5
Discovery 2015-10-16
Entry 2015-10-23
Modified 2015-12-24

MediaWiki reports:

Wikipedia user RobinHood70 reported two issues in the chunked upload API. The API failed to correctly stop adding new chunks to the upload when the reported size was exceeded (T91203), allowing a malicious user to add an infinite number of chunks for a single file upload. Additionally, a malicious user could upload chunks of 1 byte for very large files, potentially creating a very large number of files on the server's filesystem (T91205).

Internal review discovered that it is not possible to throttle file uploads.

Internal review discovered a missing authorization check when removing suppression from a revision. This allowed users with the 'viewsuppressed' user right but not the appropriate 'suppressrevision' user right to unsuppress revisions.

Richard Stanway from teamliquid.net reported that thumbnails of PNG files generated with ImageMagick contained the local file path in the image metadata.
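The chunked-upload issues (T91203, T91205) and the missing upload throttle describe three missing server-side checks: stop accepting chunks once the declared size is reached, refuse tiny chunks that would scatter many files across the filesystem, and limit how many uploads one user may start in a window. The following is an added illustration, not MediaWiki's code; the class names, the 1 MiB minimum chunk size, the 1000-chunk cap and the throttle parameters are assumed policy values chosen for the example.

```python
"""Hypothetical chunked-upload bookkeeping and per-user throttle (not MediaWiki's code)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Tuple

# Assumed policy values for this example, not MediaWiki configuration.
MAX_CHUNKS = 1000
MIN_CHUNK_SIZE = 1024 * 1024      # every chunk but the last must be >= 1 MiB


class UploadError(ValueError):
    """Raised when a chunk violates the upload contract."""


@dataclass
class ChunkedUpload:
    """Tracks one in-progress chunked upload against its declared size."""
    declared_size: int
    received: int = 0
    chunks: int = 0
    complete: bool = False

    def add_chunk(self, data: bytes, is_last: bool = False) -> int:
        """Accept one chunk; return bytes received so far or raise UploadError."""
        if self.complete:
            raise UploadError("upload already finalized")
        if self.chunks >= MAX_CHUNKS:
            raise UploadError("chunk count limit reached")
        if not is_last and len(data) < MIN_CHUNK_SIZE:
            raise UploadError("chunk smaller than minimum size")
        # The check the advisory says was missing: stop once the declared size is reached.
        if self.received + len(data) > self.declared_size:
            raise UploadError("declared size exceeded")
        self.received += len(data)
        self.chunks += 1
        if is_last:
            if self.received != self.declared_size:
                raise UploadError("final size does not match declared size")
            self.complete = True
        return self.received


class UploadThrottle:
    """Sliding-window limit on the number of uploads a user may start."""

    def __init__(self, max_uploads: int, window_seconds: float):
        self.max_uploads = max_uploads
        self.window = window_seconds
        self._starts = defaultdict(deque)

    def allow(self, user: str, now: float) -> bool:
        """Record an upload start for `user` at time `now` if under the limit."""
        q = self._starts[user]
        while q and now - q[0] >= self.window:
            q.popleft()                      # drop starts outside the window
        if len(q) >= self.max_uploads:
            return False
        q.append(now)
        return True


def simulate_chunks(declared_size: int, chunk_size: int, attempts: int) -> Tuple[int, str]:
    """Feed `attempts` chunks of `chunk_size` bytes; return (chunks accepted, reason stopped).

    Used to confirm that the limits above actually stop an upload instead of
    letting it grow without bound.
    """
    upload = ChunkedUpload(declared_size)
    data = b"\x00" * chunk_size
    for _ in range(attempts):
        try:
            upload.add_chunk(data)
        except UploadError as exc:
            return upload.chunks, str(exc)
    return upload.chunks, "all accepted"
```

The size check is deliberately applied before the chunk is stored, so an over-size chunk never reaches the filesystem; the minimum-size rule exempts only the final chunk, which is the one legitimate case for a short piece.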
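The PNG thumbnail issue is a metadata leak: text chunks written by the thumbnailer carried a local file path. A defender can check generated thumbnails for this directly by walking the PNG chunk list and scanning tEXt, zTXt and iTXt entries for path-like strings. The scanner below is an added example, not MediaWiki or ImageMagick code; `build_png` constructs a minimal 1x1 PNG purely so the example has sample input, and the path in the sample metadata is made up.

```python
"""Scan PNG text chunks for leaked filesystem paths (added example, not MediaWiki code)."""
import re
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Unix absolute paths with at least two components, or Windows drive paths.
PATH_RE = re.compile(r"(?:/[\w.\-]+){2,}|[A-Za-z]:\\[\w.\-\\]+")


def iter_png_chunks(data: bytes):
    """Yield (type, body) for each chunk, verifying the signature and every CRC."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        if (zlib.crc32(ctype + body) & 0xFFFFFFFF) != struct.unpack(">I", crc)[0]:
            raise ValueError("bad chunk CRC")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            break


def text_entries(data: bytes):
    """Yield (keyword, text) pairs from tEXt, zTXt and iTXt chunks."""
    for ctype, body in iter_png_chunks(data):
        if ctype == b"tEXt":
            key, _, value = body.partition(b"\x00")
            yield key.decode("latin-1"), value.decode("latin-1")
        elif ctype == b"zTXt":
            key, _, rest = body.partition(b"\x00")
            # rest[0] is the compression method (0 = deflate); the rest is the stream
            yield key.decode("latin-1"), zlib.decompress(rest[1:]).decode("latin-1")
        elif ctype == b"iTXt":
            # keyword\0 compression-flag compression-method language\0 translated-keyword\0 text
            key, _, rest = body.partition(b"\x00")
            compressed = rest[0]
            rest = rest[2:]
            _lang, _, rest = rest.partition(b"\x00")
            _tkey, _, text = rest.partition(b"\x00")
            if compressed:
                text = zlib.decompress(text)
            yield key.decode("latin-1"), text.decode("utf-8")


def find_path_leaks(data: bytes):
    """Return the (keyword, text) entries whose text looks like a filesystem path."""
    return [(k, v) for k, v in text_entries(data) if PATH_RE.search(v)]


def build_png(entries):
    """Construct a minimal 1x1 grayscale PNG carrying the given tEXt entries (sample input only)."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit, grayscale
    idat = zlib.compress(b"\x00\x00")                      # filter byte + one pixel
    out = PNG_SIGNATURE + chunk(b"IHDR", ihdr)
    for key, value in entries:
        out += chunk(b"tEXt", key.encode("latin-1") + b"\x00" + value.encode("latin-1"))
    return out + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


if __name__ == "__main__":
    # Constructed sample: the path is invented for the example.
    sample = build_png([("Software", "ImageMagick"),
                        ("comment", "/usr/local/www/mediawiki/images/a/ab/Example.png")])
    print(find_path_leaks(sample))
```

Running this over a directory of generated thumbnails gives a quick audit of whether the thumbnailer is still embedding paths; on the mitigation side, ImageMagick's `-strip` option removes comments and profiles from its output, and the scanner's result on a stripped file should be an empty list.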

References

CVE Name CVE-2015-8001
CVE Name CVE-2015-8002
CVE Name CVE-2015-8003
CVE Name CVE-2015-8004
CVE Name CVE-2015-8005
CVE Name CVE-2015-8006
CVE Name CVE-2015-8007
CVE Name CVE-2015-8008
CVE Name CVE-2015-8009
URL http://www.openwall.com/lists/oss-security/2015/10/29/14
URL https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html
URL https://phabricator.wikimedia.org/T108616
URL https://phabricator.wikimedia.org/T91203
URL https://phabricator.wikimedia.org/T91205
URL https://phabricator.wikimedia.org/T91850
URL https://phabricator.wikimedia.org/T95589