1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5021-1] mediawiki security update

    From Moritz Muehlenhoff@21:1/5 to All on Wed Dec 15 21:00:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5021-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : mediawiki
    CVE ID : CVE-2021-44857 CVE-2021-44858 CVE-2021-45038

    Multiple security issues were discovered in MediaWiki, a website engine
    for collaborative work: Vulnerabilities in the mcrundo and rollback
    actions may allow an attacker to leak page content from private wikis
    or to bypass edit restrictions.

    For additional information please refer to https://www.mediawiki.org/wiki/2021-12_security_release/FAQ

    For the oldstable distribution (buster), these problems have been fixed
    in version 1:1.31.16-1+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in version 1:1.35.4-1+deb11u2.

    We recommend that you upgrade your mediawiki packages.

    For the detailed security status of mediawiki please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmG6RnkACgkQEMKTtsN8 TjYa2xAAvOtj88UkN/9V6/O64bKyIUtRrooaDFCweaGehT/pGS6G7NgRmrZ0C4nc V6iXc2muH7cLXjZpgG8fU9R84GOWTl6cxQCC+dM7ady/6w5SjVi33DnEzxmEWdd0 vCdOdyC9EMnBMtjhsXd9f5p8HiBVRSY32KmL9xVNZIeOd2pjiwx7iYKTEcxNSRGp 2H5SwwPM8TQFJiJXz5CBr23Iyk2WLLcZxhUPGEOkNxteN0DhxNRul9M+rgUzrBWV LY5qmT9F72T4x3pHm7p7dezQYqIHEUo1/q429KjMzmL7eHGghLXAZN9O3zMEsfzJ dP5m/Nrwqruy48UBVg7YtN+4x858gMwOei25HtM6iYg4eeJmyGkZd/cbd5YGGfUe Wt8O6U19AnFF6abL/qcqNVSQ5RIAkCQf0KvaR5KIbjEjmDe59gQCP7K3ih27Wzbb IXBTJcjqqgigiLEryylYI1OhVasfyT+0bczg1gMCgfNWmUcNZWICZ0gGPmVYkEEi 8l/re9TfQvF9nRxvV36bo44wKYe1Ywds5nbRK+jjcTS7m6+PwGMyPMu1tbxueOCy 6kx8nM+0jpgOVlvMW0wMqASO3DW1XKmZJY3CmWnP5zT86W4tvsuYSj1ZMG0vLjOd 0F2zmcsFSpLJTjOyDrLbmhwnFXwKBnDKBB78DyGWORzcka9jqfU=
    =eEGn
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)