Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.3356
mediawiki security update
11 October 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mediawiki
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Denial of Service -- Existing Account
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-41799 CVE-2021-41798 CVE-2021-35197
Reference: ESB-2021.3281
Original Bulletin:
http://www.debian.org/lts/security/2021/dla-2779
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2779-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
October 09, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : mediawiki
Version : 1:1.27.7-1~deb9u10
CVE ID : CVE-2021-35197 CVE-2021-41798 CVE-2021-41799
Multiple security issues were found in MediaWiki, a website engine for
collaborative work, which could result in cross-site scripting,
denial of service and certain unintended API access.
For Debian 9 stretch, these problems have been fixed in version
1:1.27.7-1~deb9u10.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFhwrtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTwmxAAgd5Oy/3g1jkfOsrQzCKa9+504KCPsvaP6LdPpqmnXWVwx6HzL4S2+5Kn
HgLmQuFYvbfzEiu6qTKVnIPYBiWiQdRK+7IW0U+Y0Oq1QACU8FlZHtofMoW2Lf7F
sUc7oVlS4hrCDeOpw7vQN4asjJc7eqjtUyFhsQI/MVYUG2lOTPchjlUhXOZ1Te69
VCsrxucuuMArV6nTseR12aX7krQz8HwObz+I0/kGJ/MBuKIe+Pj7RimUJvjPWQS/
CXdbee63R8esNwyY2mnVbK6Jvtir3uuRAmQ2kbqMBOW0GQHbgPp+EyoTEOMVh/C6
kQrRnm+L0AarA+SdPYcNZdsp9f/wtzSnOcTLQq9rht7vCv1dbnztdqMwGP125jRF
NI0D7bvBURI+eQgjejzhkZpfH6FgdQ0JWYyFDIstqhZY45t2QRfRxQuopdzJuZ7j
yAibJx0pKKL3z6wzXduKSVPdJm5vXG6AJi1gFCmb0FQ+533kSBlVhZzCw8nqGnVy
kg5+PGAGCv/MpWMBH4b9AxQMLCuM2ZEFMlFlpLmOLURDvkiXsPQft3z7RWDtRbRK
7HYlJ17MNOs4nviHavRwIDKZKWG1b4p66WqZChoE4eVlCpXgSnv4UiDvH4Dm7nFe
kuFBrhaOu8wuhbAKB2JEeZ64yI3QtvF7y17easoHKl8QiejJsmI=
=XNuC
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYWOFReNLKJtyKPYoAQgJjQ//Q9AccihnqDo1fOLlDFQ6lLD3ovEJXmAy
IRV1lI9+wiCtKNMWnxmtBHvd2zEXa+Wt1fx4bilyYnAu83zEwVDHUdIyBbbgx+zU
XELCKulPTUvAkisyU5SMNU2PrbsYDQKmlERGfVD6Tf/aEWxS+49+N0ZuW0UCesQP
t1wa97Qh0w4SIjswf08+JC7LeTrCm0YNZYMa6/NYEmk/gAk7+WcREg1p3Ah1gCym
AWGhdwvuq3uCKMJbarEUU/cCTSf3ZiDOaRrl4i8XC2meDte5BvQSrHZIWvGTbpXt
q50cQg63g5CKSKJgxHtkq64Bxkhj5vO06SE2vC7iHy6aEy1Ibi0862sb0tVfaLQP
/yTocECG4QHEnqlGjww0YC0yJCV7QF7QJvpObajpoZWVywSDtqGPhOBlwStdhC40
/Dmuu9zj0iJ6BvryG6M5UOKu6Q8gxW5NjgYbY+ULuaEp6lNoeTcpbgAmvPLkI8ps
1zLyvNFGzQ/VmBCunP9PH7B3aLE6xvzYh0UowOQpEy8dRmEh2x8QcRyWDhC/AEd4
OCxafgI6hoKz+x275LXVQAx4X+cLw8JOmxP14dwy/SIJGPtukwx3wTJOwm9lUdjM
Hdnjj60ISBbIM4PvhykleCDlVKntoq7hzlBFqKG9blbBPrs2RAcnyR0H4kMCXPVc
DmWas8JpXSc=
=sF9P
-----END PGP SIGNATURE-----