Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.3356 mediawiki security update 11 October 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mediawiki Publisher: Debian Operating System: Debian GNU/Linux Impact/Access: Cross-site Scripting -- Remote with User Interaction Denial of Service -- Existing Account Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-41799 CVE-2021-41798 CVE-2021-35197 Reference: ESB-2021.3281 Original Bulletin: http://www.debian.org/lts/security/2021/dla-2779 - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2779-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany October 09, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : mediawiki Version : 1:1.27.7-1~deb9u10 CVE ID : CVE-2021-35197 CVE-2021-41798 CVE-2021-41799 Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service and certain unintended API access. For Debian 9 stretch, these problems have been fixed in version 1:1.27.7-1~deb9u10. We recommend that you upgrade your mediawiki packages. For the detailed security status of mediawiki please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mediawiki Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFhwrtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTwmxAAgd5Oy/3g1jkfOsrQzCKa9+504KCPsvaP6LdPpqmnXWVwx6HzL4S2+5Kn HgLmQuFYvbfzEiu6qTKVnIPYBiWiQdRK+7IW0U+Y0Oq1QACU8FlZHtofMoW2Lf7F sUc7oVlS4hrCDeOpw7vQN4asjJc7eqjtUyFhsQI/MVYUG2lOTPchjlUhXOZ1Te69 VCsrxucuuMArV6nTseR12aX7krQz8HwObz+I0/kGJ/MBuKIe+Pj7RimUJvjPWQS/ CXdbee63R8esNwyY2mnVbK6Jvtir3uuRAmQ2kbqMBOW0GQHbgPp+EyoTEOMVh/C6 kQrRnm+L0AarA+SdPYcNZdsp9f/wtzSnOcTLQq9rht7vCv1dbnztdqMwGP125jRF NI0D7bvBURI+eQgjejzhkZpfH6FgdQ0JWYyFDIstqhZY45t2QRfRxQuopdzJuZ7j yAibJx0pKKL3z6wzXduKSVPdJm5vXG6AJi1gFCmb0FQ+533kSBlVhZzCw8nqGnVy kg5+PGAGCv/MpWMBH4b9AxQMLCuM2ZEFMlFlpLmOLURDvkiXsPQft3z7RWDtRbRK 7HYlJ17MNOs4nviHavRwIDKZKWG1b4p66WqZChoE4eVlCpXgSnv4UiDvH4Dm7nFe kuFBrhaOu8wuhbAKB2JEeZ64yI3QtvF7y17easoHKl8QiejJsmI= =XNuC - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYWOFReNLKJtyKPYoAQgJjQ//Q9AccihnqDo1fOLlDFQ6lLD3ovEJXmAy IRV1lI9+wiCtKNMWnxmtBHvd2zEXa+Wt1fx4bilyYnAu83zEwVDHUdIyBbbgx+zU XELCKulPTUvAkisyU5SMNU2PrbsYDQKmlERGfVD6Tf/aEWxS+49+N0ZuW0UCesQP t1wa97Qh0w4SIjswf08+JC7LeTrCm0YNZYMa6/NYEmk/gAk7+WcREg1p3Ah1gCym AWGhdwvuq3uCKMJbarEUU/cCTSf3ZiDOaRrl4i8XC2meDte5BvQSrHZIWvGTbpXt q50cQg63g5CKSKJgxHtkq64Bxkhj5vO06SE2vC7iHy6aEy1Ibi0862sb0tVfaLQP /yTocECG4QHEnqlGjww0YC0yJCV7QF7QJvpObajpoZWVywSDtqGPhOBlwStdhC40 /Dmuu9zj0iJ6BvryG6M5UOKu6Q8gxW5NjgYbY+ULuaEp6lNoeTcpbgAmvPLkI8ps 1zLyvNFGzQ/VmBCunP9PH7B3aLE6xvzYh0UowOQpEy8dRmEh2x8QcRyWDhC/AEd4 OCxafgI6hoKz+x275LXVQAx4X+cLw8JOmxP14dwy/SIJGPtukwx3wTJOwm9lUdjM Hdnjj60ISBbIM4PvhykleCDlVKntoq7hzlBFqKG9blbBPrs2RAcnyR0H4kMCXPVc DmWas8JpXSc= =sF9P -----END PGP SIGNATURE-----