Advisories ยป MGASA-2022-0145

Updated mediawiki packages fix security vulnerability

Publication date: 18 Apr 2022
Modification date: 18 Apr 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-28201 , CVE-2022-28202 , CVE-2022-28203 , CVE-2022-28204

Description

Title::newMainPage() goes into an infinite recursion loop if it points to a
local interwiki (CVE-2022-28201).

Messages widthheight/widthheightpage/nbytes not escaped when used in galleries
or Special:RevisionDelete (CVE-2022-28202).

Requesting Special:NewFiles on a wiki with many file uploads with actor as a
condition can result in a DoS (CVE-2022-28203).

Special:WhatLinksHere can result in a DoS when a page is used on a extremely
large number of other pages (CVE-2022-28204).
                

References

SRPMS

8/core