Advisories » MGASA-2024-0155

Updated mediawiki packages fix security vulnerabilities

Publication date: 30 Apr 2024
Modification date: 30 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-3550 , CVE-2023-45359 , CVE-2023-45360 , CVE-2023-45361 , CVE-2023-45362 , CVE-2023-45363 , CVE-2023-45364 , CVE-2023-51704

Description

Mediawiki v1.40.0 does not validate namespaces used in XML files.
Therefore, if the instance administrator allows XML file uploads, a
remote attacker with a low-privileged user account can use this exploit
to become an administrator by sending a malicious link to the instance
administrator. (CVE-2023-3550)
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through
1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in
youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This
is related to MediaWiki:Youhavenewmessagesfromusers. (CVE-2023-45360)
An issue was discovered in DifferenceEngine.php in MediaWiki before
1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
diff-multi-sameuser (aka "X intermediate revisions by the same user not
shown") ignores username suppression. This is an information leak.
(CVE-2023-45362)
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12,
1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows
attackers to cause a denial of service (unbounded loop and
RequestTimeoutException) when querying pages redirected to other
variants with redirects and converttitles set. (CVE-2023-45363)
An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x
through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision
existence is leaked due to incorrect permissions being checked. This
reveals that a given revision ID belonged to the given page title, and
its timestamp, both of which are not supposed to be public information.
(CVE-2023-45364)
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through
1.39.x before 1.39.6, and 1.40.x before 1.40.2. In
includes/logging/RightsLogFormatter.php, group-*-member messages can
result in XSS on Special:log/rights. (CVE-2023-51704)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33156
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45359
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45361
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45364
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704

SRPMS

9/core

• mediawiki-1.35.14-1.mga9