Malware Devil

Monday, April 12, 2021

ESB-2021.1206 – [Debian] mediawiki: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1206
                         mediawiki security update
                               12 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mediawiki
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service    -- Remote/Unauthenticated      
                   Cross-site Scripting -- Remote with User Interaction
                   Reduced Security     -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30159 CVE-2021-30158 CVE-2021-30157
                   CVE-2021-30155 CVE-2021-30154 CVE-2021-30152
                   CVE-2021-27291 CVE-2021-20270 

Reference:         ESB-2021.1100
                   ESB-2021.1070
                   ESB-2021.0984
                   ESB-2021.0849

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4889

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4889-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 10, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 CVE-2021-30159
                 CVE-2021-30154 CVE-2021-30155 CVE-2021-30157 CVE-2021-30158 

Multiple security issues were found in MediaWiki, a website engine for
collaborative work, which could result in incomplete page/blocking
protection, denial of service or cross-site scripting.

For the stable distribution (buster), these problems have been fixed in
version 1:1.31.14-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBxxgYACgkQEMKTtsN8
TjbL0Q//d2FNakdYWEaMiFH4zEDwqOAe7wDyfrlfG4upPyaiary3O512E2rd2pkZ
nSGYLbkY2UJW0lSl7qXUpFe4i+VVtajaabwSZgaXlGNTj+qCRWWPCnZcJDHcGrhW
FkN8vmCGrFsQneRWPlDKnFd6NSPF/aVhVwROO7ykOdDajZPi+9uz+dxUEnyhUIvC
871NHo3P9FXUKe3bqbmC3t4CFe2fAy3OfP5byeqYs6t/cV1+aR5QyZEo7V8jdbx0
z1gsBQi6wc1UOUYoX3cX7iAX6PMohFfSgas7iyECRznqSKcmgDFBFtQ5WHp1Uq2W
QELfi3PGD/0eYq7Nl6xlO8q5GbPU8/FLrRHR6NybK+L95RVh8LwJvz5uPmKgLCEZ
KZMgRdO3JOc+DQp5gP8+F8E29fQSrhyBO1JRo9hmTbLkcwsi1LLaMsMbiVUfpR3N
BE9IRhkGfipErR/FYrVgjzy+aWlJeZH5ECkopkYQU3umYuoVjz770w3pRSISmldB
b+I664kJOXJyAMdmtfm/oArEtcqIxHA82g3d597A5t3aqgrQuO3IYfwZVuwTqI7K
dvllJ4fhVm45QDIBeis25IfVcMyFVSJk4HhhqgjyDYThMq0sqgJpzw6Nx+5qht+N
mvpRf54pBJ5WVVc9aKRVIpjhHXPLh6iAICQ9n2MpgLl8QVtGt6Y=
=UyFn
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYHOJa+NLKJtyKPYoAQjMNQ/9EwZWj1V4i/pgQMSphex5ERqI3k3TyZx8
Yuw4VK3+QDzwUg3cwd9Ltjma7cVeG27cAKTaURwU6uYqFsUS1A870iS1/wL4+4Ww
bc6DoIKUdqreP7U35nvZj/EKVTgSlt884L1PeK9Ll+lizqNEYlvpgueGurUm/uEC
S4UTIOnIyc562kbXfgSAStoY7a15j6rJpu1xAxD2PAjyB8JYGA3f1lYpURbA47v8
/c4XK893M3A+QDwYlVGcCOBgMIQ6SPuRUk3jBodfhQdxusCw8IBY2EwT/MZt8xMJ
JsqUm2v4VoCfKTj4N6oCfgIbvpHbm6+AgypfTx0DNHLIbhbgH+tWEhQzIGLpzJ9I
5By8av/lRunY+FkBViHzsDNZy6G4D3xorayneU0X5Mqbl++PDFA0VHLINmqVKiI4
r9hXfgk1/iN8VmxURsTXrKwJahVtdybSmVbef5AgJQjL+6PmlVfkNGoULq2eshJc
GALI6rJN9ELds9iXMjWI2Eq4Fwy8hwfH/0fMJo07zbMEZsHnAsdi8RqzIxc4Lzq6
+xEbxM9EjQP3BtY3epGtZX2pU4T5/GbVvr2+GXyJOpr/35dO5JnJHhnrQmWCvT9u
2tzZAjWRSwA3W3UbAjcXqxNwC1jD3LfR0q9/8N6JKPVvXL6A1THRsZ08l2znhQo2
QENT9SGP5ZM=
=Z9Co
-----END PGP SIGNATURE-----

Read More

The post ESB-2021.1206 – [Debian] mediawiki: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/04/12/esb-2021-1206-debian-mediawiki-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1206-debian-mediawiki-multiple-vulnerabilities

No comments:

Post a Comment

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...