Updated mediawiki packages fix security vulnerability
Publication date: 13 Oct 2021Modification date: 13 Oct 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-41798 , CVE-2021-41799 , CVE-2021-41800 , CVE-2021-41801
Description
XSS vulnerability in Special:Search. (CVE-2021-41798)
ApiQueryBacklinks can cause a full table scan. (CVE-2021-41799)
Fix PoolCounter protection of Special:Contributions. (CVE-2021-41800)
ReplaceText continues performing actions if the user no longer has the
correct permission (such as by being blocked). (CVE-2021-41801)
References
- https://bugs.mageia.org/show_bug.cgi?id=29531
- https://www.debian.org/security/2021/dsa-4979
- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41799
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41800
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41801
SRPMS
8/core
- mediawiki-1.35.4-1.mga8