===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4509
                         mediawiki security update
                             21 December 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mediawiki
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-35480 CVE-2020-35479 CVE-2020-35477
                   CVE-2020-35475

Original Bulletin:
   http://www.debian.org/security/2020/dsa-4816

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running mediawiki check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4816-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 18, 2020                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2020-35475 CVE-2020-35477 CVE-2020-35479 CVE-2020-35480
Debian Bug     : 971985 971986

Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work, which could result in cross-site scripting or the
disclosure of hidden users.

For the stable distribution (buster), these problems have been fixed in
version 1:1.31.12-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
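
Added example, not part of the Debian or AusCERT text: the fixed version 1:1.31.12-1~deb10u1 carries an epoch ("1:") and a tilde revision, both of which defeat naive string or tuple comparison when auditing hosts. The sketch below reimplements Debian's version ordering to list hosts still below the fixed version; the host names and installed versions in INVENTORY are constructed.

```python
import re

# Fixed version for buster, taken from the advisory text.
FIXED = "1:1.31.12-1~deb10u1"

def _order(c):
    # dpkg ordering: '~' sorts before everything, even end of string;
    # letters sort before other punctuation.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, left to right.
    while a or b:
        pa, da, a = re.match(r"(\D*)(\d*)(.*)", a).groups()
        pb, db, b = re.match(r"(\D*)(\d*)(.*)", b).groups()
        for i in range(max(len(pa), len(pb))):
            oa, ob = _order(pa[i:i + 1]), _order(pb[i:i + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def parse(version):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    # Returns -1, 0 or 1: epoch first, then upstream, then revision.
    (ea, ua, ra), (eb, ub, rb) = parse(a), parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def older_than_fixed(inventory, fixed=FIXED):
    # Hosts whose installed mediawiki sorts below the fixed version.
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed inventory, e.g. gathered with dpkg-query -W -f='${Version}' mediawiki
INVENTORY = {"wiki-a": "1:1.31.10-1~deb10u1", "wiki-b": "1:1.31.12-1~deb10u1",
             "wiki-c": "1.35.0-1", "wiki-d": "1:1.31.12-1~deb10u2"}
```

wiki-c is flagged because a version without an epoch sorts below any "1:" version, whatever its upstream number; on a Debian host, dpkg --compare-versions gives the authoritative answer.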