-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1206 mediawiki security update 12 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mediawiki Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-30159 CVE-2021-30158 CVE-2021-30157 CVE-2021-30155 CVE-2021-30154 CVE-2021-30152 CVE-2021-27291 CVE-2021-20270 Reference: ESB-2021.1100 ESB-2021.1070 ESB-2021.0984 ESB-2021.0849 Original Bulletin: http://www.debian.org/security/2021/dsa-4889 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4889-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 10, 2021 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : mediawiki CVE ID : CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 CVE-2021-30159 CVE-2021-30154 CVE-2021-30155 CVE-2021-30157 CVE-2021-30158 Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in incomplete page/blocking protection, denial of service or cross-site scripting. For the stable distribution (buster), these problems have been fixed in version 1:1.31.14-1~deb10u1. We recommend that you upgrade your mediawiki packages. For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBxxgYACgkQEMKTtsN8 TjbL0Q//d2FNakdYWEaMiFH4zEDwqOAe7wDyfrlfG4upPyaiary3O512E2rd2pkZ nSGYLbkY2UJW0lSl7qXUpFe4i+VVtajaabwSZgaXlGNTj+qCRWWPCnZcJDHcGrhW FkN8vmCGrFsQneRWPlDKnFd6NSPF/aVhVwROO7ykOdDajZPi+9uz+dxUEnyhUIvC 871NHo3P9FXUKe3bqbmC3t4CFe2fAy3OfP5byeqYs6t/cV1+aR5QyZEo7V8jdbx0 z1gsBQi6wc1UOUYoX3cX7iAX6PMohFfSgas7iyECRznqSKcmgDFBFtQ5WHp1Uq2W QELfi3PGD/0eYq7Nl6xlO8q5GbPU8/FLrRHR6NybK+L95RVh8LwJvz5uPmKgLCEZ KZMgRdO3JOc+DQp5gP8+F8E29fQSrhyBO1JRo9hmTbLkcwsi1LLaMsMbiVUfpR3N BE9IRhkGfipErR/FYrVgjzy+aWlJeZH5ECkopkYQU3umYuoVjz770w3pRSISmldB b+I664kJOXJyAMdmtfm/oArEtcqIxHA82g3d597A5t3aqgrQuO3IYfwZVuwTqI7K dvllJ4fhVm45QDIBeis25IfVcMyFVSJk4HhhqgjyDYThMq0sqgJpzw6Nx+5qht+N mvpRf54pBJ5WVVc9aKRVIpjhHXPLh6iAICQ9n2MpgLl8QVtGt6Y= =UyFn - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYHOJa+NLKJtyKPYoAQjMNQ/9EwZWj1V4i/pgQMSphex5ERqI3k3TyZx8 Yuw4VK3+QDzwUg3cwd9Ltjma7cVeG27cAKTaURwU6uYqFsUS1A870iS1/wL4+4Ww bc6DoIKUdqreP7U35nvZj/EKVTgSlt884L1PeK9Ll+lizqNEYlvpgueGurUm/uEC S4UTIOnIyc562kbXfgSAStoY7a15j6rJpu1xAxD2PAjyB8JYGA3f1lYpURbA47v8 /c4XK893M3A+QDwYlVGcCOBgMIQ6SPuRUk3jBodfhQdxusCw8IBY2EwT/MZt8xMJ JsqUm2v4VoCfKTj4N6oCfgIbvpHbm6+AgypfTx0DNHLIbhbgH+tWEhQzIGLpzJ9I 5By8av/lRunY+FkBViHzsDNZy6G4D3xorayneU0X5Mqbl++PDFA0VHLINmqVKiI4 r9hXfgk1/iN8VmxURsTXrKwJahVtdybSmVbef5AgJQjL+6PmlVfkNGoULq2eshJc GALI6rJN9ELds9iXMjWI2Eq4Fwy8hwfH/0fMJo07zbMEZsHnAsdi8RqzIxc4Lzq6 +xEbxM9EjQP3BtY3epGtZX2pU4T5/GbVvr2+GXyJOpr/35dO5JnJHhnrQmWCvT9u 2tzZAjWRSwA3W3UbAjcXqxNwC1jD3LfR0q9/8N6JKPVvXL6A1THRsZ08l2znhQo2 QENT9SGP5ZM= =Z9Co -----END PGP SIGNATURE-----
The post ESB-2021.1206 – [Debian] mediawiki: Multiple vulnerabilities appeared first on Malware Devil.
https://malwaredevil.com/2021/04/12/esb-2021-1206-debian-mediawiki-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1206-debian-mediawiki-multiple-vulnerabilities
No comments:
Post a Comment