Test ID:	1.3.6.1.4.1.25623.1.0.71576
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201206-09 (MediaWiki)
Summary:	The remote host is missing updates announced in;advisory GLSA 201206-09.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 201206-09. Vulnerability Insight: Multiple vulnerabilities have been found in MediaWiki, the worst of which leading to remote execution of arbitrary code. Solution: All MediaWiki users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/mediawiki-1.18.2' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2787 42019 http://www.securityfocus.com/bid/42019 FEDORA-2011-5495 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html FEDORA-2011-5807 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html FEDORA-2011-5812 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html FEDORA-2011-5848 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html [mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5 http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html [oss-security] 20100729 Re: CVE request: mediawiki http://openwall.com/lists/oss-security/2010/07/29/4 http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776 https://bugzilla.redhat.com/show_bug.cgi?id=620224 https://bugzilla.redhat.com/show_bug.cgi?id=620226 https://bugzilla.wikimedia.org/show_bug.cgi?id=24565 Common Vulnerability Exposure (CVE) ID: CVE-2010-2788 42024 http://www.securityfocus.com/bid/42024 http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69952 http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69984 https://bugzilla.redhat.com/show_bug.cgi?id=620225 Common Vulnerability Exposure (CVE) ID: CVE-2010-2789 Common Vulnerability Exposure (CVE) ID: CVE-2011-0003 42810 http://secunia.com/advisories/42810 70272 http://www.osvdb.org/70272 ADV-2011-0017 http://www.vupen.com/english/advisories/2011/0017 [MediaWiki-announce] 20110104 MediaWiki security release 1.16.1 http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html [oss-security] 20110104 (possible) CVE request: Clickjacking in Mediawiki http://www.openwall.com/lists/oss-security/2011/01/04/6 [oss-security] 20110104 Re: (possible) CVE request: Clickjacking in Mediawiki http://www.openwall.com/lists/oss-security/2011/01/04/12 https://bugzilla.wikimedia.org/show_bug.cgi?id=26561 mediawiki-frames-clickjacking(64476) https://exchange.xforce.ibmcloud.com/vulnerabilities/64476 Common Vulnerability Exposure (CVE) ID: CVE-2011-0047 BugTraq ID: 46108 http://www.securityfocus.com/bid/46108 http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html http://osvdb.org/70770 http://secunia.com/advisories/43142 http://www.vupen.com/english/advisories/2011/0273 XForce ISS Database: mediawiki-css-comments-xss(65126) https://exchange.xforce.ibmcloud.com/vulnerabilities/65126 Common Vulnerability Exposure (CVE) ID: CVE-2011-0537 70798 http://osvdb.org/70798 70799 http://osvdb.org/70799 ADV-2011-0273 [MediaWiki-announce] 20110201 MediaWiki security release 1.16.2 [oss-security] 20110201 CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1 http://www.openwall.com/lists/oss-security/2011/02/01/4 [oss-security] 20110203 Re: CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1 http://www.openwall.com/lists/oss-security/2011/02/03/3 http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz https://bugzilla.wikimedia.org/show_bug.cgi?id=27094 Common Vulnerability Exposure (CVE) ID: CVE-2011-1579 44142 http://secunia.com/advisories/44142 47354 http://www.securityfocus.com/bid/47354 ADV-2011-0978 http://www.vupen.com/english/advisories/2011/0978 ADV-2011-1100 http://www.vupen.com/english/advisories/2011/1100 ADV-2011-1151 http://www.vupen.com/english/advisories/2011/1151 DSA-2366 http://www.debian.org/security/2011/dsa-2366 [mediawiki-announce] 20110412 MediaWiki security release 1.16.3 http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html [oss-security] 20110413 Re: CVE request: mediawiki 1.16.3 http://openwall.com/lists/oss-security/2011/04/13/15 http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856 https://bugzilla.redhat.com/show_bug.cgi?id=695577 https://bugzilla.redhat.com/show_bug.cgi?id=696360 https://bugzilla.wikimedia.org/show_bug.cgi?id=28450 mediawiki-css-data-xss(66738) https://exchange.xforce.ibmcloud.com/vulnerabilities/66738 Common Vulnerability Exposure (CVE) ID: CVE-2011-1580 https://bugzilla.wikimedia.org/show_bug.cgi?id=28449 mediawiki-transwiki-sec-bypass(66739) https://exchange.xforce.ibmcloud.com/vulnerabilities/66739 Common Vulnerability Exposure (CVE) ID: CVE-2011-1766 44684 http://secunia.com/advisories/44684 47722 http://www.securityfocus.com/bid/47722 FEDORA-2011-6774 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html FEDORA-2011-6775 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html FEDORA-2011-6781 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html [mediawiki-announce] 20110505 MediaWiki security release 1.16.5 http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html https://bugzilla.redhat.com/show_bug.cgi?id=702512 https://bugzilla.wikimedia.org/show_bug.cgi?id=28639 Common Vulnerability Exposure (CVE) ID: CVE-2012-1578 48504 http://secunia.com/advisories/48504 52689 http://www.securityfocus.com/bid/52689 80361 http://osvdb.org/80361 [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3 http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2 http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2 http://www.openwall.com/lists/oss-security/2012/03/22/9 [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2 http://www.openwall.com/lists/oss-security/2012/03/24/1 https://bugzilla.wikimedia.org/show_bug.cgi?id=34212 mediawiki-multiple-csrf(78911) https://exchange.xforce.ibmcloud.com/vulnerabilities/78911 Common Vulnerability Exposure (CVE) ID: CVE-2012-1579 https://bugzilla.wikimedia.org/show_bug.cgi?id=34907 Common Vulnerability Exposure (CVE) ID: CVE-2012-1580 80364 http://osvdb.org/80364 https://bugzilla.wikimedia.org/show_bug.cgi?id=35317 mediawiki-specialupload-csrf(74286) https://exchange.xforce.ibmcloud.com/vulnerabilities/74286 Common Vulnerability Exposure (CVE) ID: CVE-2012-1581 https://bugzilla.wikimedia.org/show_bug.cgi?id=35078 mediawiki-random-numbers-sec-bypass(78910) https://exchange.xforce.ibmcloud.com/vulnerabilities/78910 Common Vulnerability Exposure (CVE) ID: CVE-2012-1582 BugTraq ID: 52689 http://osvdb.org/80363 XForce ISS Database: mediawiki-wikitext-xss(74288) https://exchange.xforce.ibmcloud.com/vulnerabilities/74288
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.