vuln-list-alt/oval/p11/ALT-PU-2014-1172/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20141172",
      "Version": "oval:org.altlinux.errata:def:20141172",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2014-1172: package `mediawiki` update to version 1.22.2-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2014-1172",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2014-1172",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2012-5394",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2012-5394",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-4567",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4567",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-4568",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4568",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-4569",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4569",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-4570",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4570",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-4571",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4571",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-4572",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4572",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-4573",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4573",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-4574",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-4574",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-6451",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6451",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-6452",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6452",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-6453",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6453",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-6454",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6454",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-6455",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6455",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-6472",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-6472",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2013-7444",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-7444",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-1610",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1610",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-3454",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3454",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-3455",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-3455",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades mediawiki to version 1.22.2-alt1. \nSecurity Fix(es):\n\n * CVE-2012-5394: Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.\n\n * CVE-2013-4567: Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \\b (backspace) character in CSS.\n\n * CVE-2013-4568: Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of \"expression\" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.\n\n * CVE-2013-4569: The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when \"Group changes by page in recent changes and watchlist\" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page.\n\n * CVE-2013-4570: The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function.\n\n * CVE-2013-4571: Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.\n\n * CVE-2013-4572: The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user.\n\n * CVE-2013-4573: Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the \"to\" parameter to index.php.\n\n * CVE-2013-4574: Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.\n\n * CVE-2013-6451: Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.\n\n * CVE-2013-6452: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.\n\n * CVE-2013-6453: MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.\n\n * CVE-2013-6454: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute.\n\n * CVE-2013-6455: The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.\n\n * CVE-2013-6472: MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.\n\n * CVE-2013-7444: The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text.\n\n * CVE-2014-1610: MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.\n\n * CVE-2014-3454: Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vectors.\n\n * CVE-2014-3455: Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) CreateProperty, (2) CreateTemplate, (3) CreateForm, and (4) CreateClass special pages in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allow remote attackers to hijack the authentication of users for requests that have unspecified impact and vectors.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2014-02-07"
          },
          "Updated": {
            "Date": "2014-02-07"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2012-5394",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CWE": "CWE-352",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2012-5394",
              "Impact": "Low",
              "Public": "20131213"
            },
            {
              "ID": "CVE-2013-4567",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CWE": "NVD-CWE-Other",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4567",
              "Impact": "Low",
              "Public": "20131213"
            },
            {
              "ID": "CVE-2013-4568",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CWE": "NVD-CWE-Other",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4568",
              "Impact": "Low",
              "Public": "20131213"
            },
            {
              "ID": "CVE-2013-4569",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4569",
              "Impact": "Low",
              "Public": "20131213"
            },
            {
              "ID": "CVE-2013-4570",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "CWE": "NVD-CWE-Other",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4570",
              "Impact": "Low",
              "Public": "20140512"
            },
            {
              "ID": "CVE-2013-4571",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CWE": "CWE-119",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4571",
              "Impact": "High",
              "Public": "20140512"
            },
            {
              "ID": "CVE-2013-4572",
              "CVSS": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-384",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4572",
              "Impact": "High",
              "Public": "20200206"
            },
            {
              "ID": "CVE-2013-4573",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CWE": "CWE-79",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4573",
              "Impact": "Low",
              "Public": "20131125"
            },
            {
              "ID": "CVE-2013-4574",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CWE": "CWE-79",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-4574",
              "Impact": "Low",
              "Public": "20140512"
            },
            {
              "ID": "CVE-2013-6451",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "CWE": "CWE-79",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6451",
              "Impact": "Low",
              "Public": "20200128"
            },
            {
              "ID": "CVE-2013-6452",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CWE": "CWE-79",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6452",
              "Impact": "Low",
              "Public": "20140512"
            },
            {
              "ID": "CVE-2013-6453",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CWE": "CWE-20",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6453",
              "Impact": "High",
              "Public": "20140512"
            },
            {
              "ID": "CVE-2013-6454",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CWE": "CWE-79",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6454",
              "Impact": "Low",
              "Public": "20140512"
            },
            {
              "ID": "CVE-2013-6455",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6455",
              "Impact": "Low",
              "Public": "20200128"
            },
            {
              "ID": "CVE-2013-6472",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-6472",
              "Impact": "Low",
              "Public": "20140512"
            },
            {
              "ID": "CVE-2013-7444",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
              "CWE": "CWE-200",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-7444",
              "Impact": "Low",
              "Public": "20150901"
            },
            {
              "ID": "CVE-2014-1610",
              "CVSS": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
              "CWE": "CWE-20",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1610",
              "Impact": "Low",
              "Public": "20140130"
            },
            {
              "ID": "CVE-2014-3454",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CWE": "CWE-352",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3454",
              "Impact": "Low",
              "Public": "20140512"
            },
            {
              "ID": "CVE-2014-3455",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CWE": "CWE-352",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-3455",
              "Impact": "Low",
              "Public": "20140512"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141172001",
                "Comment": "mediawiki is earlier than 0:1.22.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141172002",
                "Comment": "mediawiki-apache2 is earlier than 0:1.22.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141172003",
                "Comment": "mediawiki-common is earlier than 0:1.22.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141172004",
                "Comment": "mediawiki-mysql is earlier than 0:1.22.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141172005",
                "Comment": "mediawiki-postgresql is earlier than 0:1.22.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20141172006",
                "Comment": "mediawiki-tex is earlier than 0:1.22.2-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}