===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.4924
                         mediawiki security update
                              5 October 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mediawiki
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-41767 CVE-2022-41765 CVE-2022-34912
                   CVE-2022-34911 CVE-2022-31091 CVE-2022-31090
                   CVE-2022-31043 CVE-2022-31042 CVE-2022-29248
                   CVE-2022-28203 CVE-2022-28202 CVE-2022-28201
                   CVE-2021-44856 CVE-2021-44855 CVE-2021-44854

Original Bulletin:
   http://www.debian.org/security/2022/dsa-5246

Comment: CVSS (Max):  8.1* CVE-2022-29248 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
         CVSS Source: [NVD], Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
         * Not all CVSS available when published

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5246-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 04, 2022                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2021-44854 CVE-2021-44855 CVE-2021-44856 CVE-2022-28201
                 CVE-2022-28202 CVE-2022-28203 CVE-2022-29248 CVE-2022-31042
                 CVE-2022-31043 CVE-2022-31090 CVE-2022-31091 CVE-2022-34911
                 CVE-2022-34912 CVE-2022-41765 CVE-2022-41767

Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work, which could result in restriction bypass,
information leaks, cross-site scripting or denial of service.

For the stable distribution (bullseye), these problems have been fixed in
version 1:1.35.8-1~deb11u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================