Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3338
mediawiki regression update
29 September 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mediawiki
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Denial of Service -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2020-25827
Reference: ESB-2020.3319
ESB-2020.3316
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2020/09/msg00028.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2379-2 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Roberto C. S=E1nchez
September 28, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : mediawiki
Version : 1:1.27.7-1~deb9u5
Debian Bug : 971264
The update of mediawiki released as DLA-2379-1 contained a defect in the
patch for CVE-2020-25827 which caused all pages to fail to render,
producing instead a syntax error. Updated mediawiki packages are now
available to correct this issue.
For Debian 9 stretch, this problem has been fixed in version
1:1.27.7-1~deb9u5.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl9yWAAACgkQLNd4Xt2n
sg/EBA//SU7N3iD9Dhck+ZWqvxBcAmkGA1DzwXcyjzQ5HpI2ik+Gm1iwx2bFuCfN
JiseHzt7mMdeZh7eZAZ2allFk18M3QyeVnYs8zRsxevy0yM3zTfnoJlM5rZLme2f
zB6R31wqbzwifxSikrlprASEY2flzzl5S7xAPLvmwFgu1GcplDC1szqf6qESB9jX
1dEtLjU/joIybcztp3cc90phdR4+WUCYAhRD6CQ4p0EP4sweRqHf1yRZyQnm6JEB
xQbe83KM9eVPKbC69F8PLejALVbt8gbC9TVFsZHxsAinoQA4FiCffndU0BjTuwaT
wkJFh10VbkRyqEfHJLIHYJvSgepNtDacc16N+NIZt2ofqC2WzvTrEdpEFpFZA/G0
Li2dS1RwW1RxJ8gbags9NNJa+rh7rtcZa74I7kiyR3JSCxfZmpofbpHqPSTxJAzB
P0T7oMdVBEKLaoOdw7Yde9m2SRAx6vK1af6VKyr0x3sg1HXuYgK1Je0bYpZssq3r
Vkzz6ly1g7hznoVL5fiL9O4Q4xzMS3vNokwfRu8V0vIzh0WkxPNDzkahN5Mc5mn5
a2yq/ZbDtgz58vQsR2s2QtHKH3eEdtmA7gtIo0jhZ513xFHtkrW3Us4vqiohhZ7n
JyumUsJ5MmRkHRfiH8TE+9vHpnLQ34Wa+46wutWlZzYJwWZ4qAA=
=2d6E
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX3KPR+NLKJtyKPYoAQhRHQ//XuabNAHV7FkDe9LgBADYiP9C8AXs7fLD
ti4l4Bs/jJ/ra0snPTHbx7+mPh4PKnpIykE+u1eKZEstWXZIsgUyPI+H6pJHnDk1
dgHYwVaI0oBjv0ZYTPyL24t0ruacwzAbA9b2aX1a/lXkrss5cswhDeAh2Yf28Ujz
IgcFukyqJP1dJBFB4yzZC8iPS8WzZMvKRLErXfNGg9IOPCKoqHS/mPMw1HmUNJ9j
g3CEmfBEnaD8bkPfXFUhj24+PaC1NYV/OBHWGG4k2S2FWEOPtRqk5qkeh4+7q9ox
3oKmgUUik2KsxjssD7d/uNCLkP50TvOhcrIB5101qUVaBsW7aO8rLMi2AoAejGgj
yMDWXSdmFfRTkHV82Gdpjg18cWqMY258/NCn9Sbn2mAMgC9g25gfqsRXZfqRWLtM
AqYhZkMFSj79ZmCvQnq2DL4P5owoUy77DMG8iXPak05XREH0neUhUSr7rn4BuiRv
goKLpOE56B3/+MdqzBq8x0Qhhw1sXSndoANsOQoC8mbpISZJE30ZA2V3KNquiQHU
JaZF4IilCcDJF2/k/qfM5GBAcqycjywy45w5tQ6nxMEsa6LLUhPzTFx8ozwJBVHz
wRm98hMmPXQaSS+/Pv3IOb+BA+BpJSKW4ibtGZ72FUqFxH+twm8hLDLUdz6YRDuF
QS+5w1viDNA=
=Jxjr
-----END PGP SIGNATURE-----