Advisories » MGASA-2022-0370

Updated mediawiki packages fix security vulnerability

Publication date: 13 Oct 2022
Modification date: 13 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-41765 , CVE-2022-41767

Description

HTMLUserTextField exposes existence of hidden users (CVE-2022-41765).

reassignEdits doesn't update results in an IP range check on
Special:Contributions (CVE-2022-41767)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30943
• https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41765
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41767

SRPMS

8/core

• mediawiki-1.35.8-1.mga8