--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2017-3fb95ed01f
2017-04-15 18:25:31.200657
--------------------------------------------------------------------------------Name        : mediawiki
Product     : Fedora 25
Version     : 1.27.2
Release     : 1.fc25
URL         : https://www.mediawiki.org/wiki/MediaWiki
Summary     : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers

This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.

--------------------------------------------------------------------------------Update Information:

* (T109140) (T122209) Special:UserLogin and Special:Search allow redirect   to
interwiki links. (CVE-2017-0363, CVE-2017-0364) * (T144845) XSS in
SearchHighlighter::highlightText() when   $wgAdvancedSearchHighlighting is true.
(CVE-2017-0365) * (T125177) API parameters may now be marked as "sensitive" to
keep   their values out of the logs.  (CVE-2017-0361) * (T150044) "Mark all
pages visited" on the watchlist now requires a CSRF   token.  (CVE-2017-0362) *
(T156184) Escape content model/format url parameter in message.
(CVE-2017-0368) * (T151735) SVG filter evasion using default attribute values in
DTD   declaration. (CVE-2017-0366) * (T48143) Spam blacklist ineffective on
encoded URLs inside file inclusion   syntax's link parameter. (CVE-2017-0370) *
(T108138) Sysops can undelete pages, although the page is protected against
it. (CVE-2017-0369)  The following only affects 1.27 and above and is not
included in the 1.23 upgrade:  * (T161453) LocalisationCache will no longer use
the temporary directory   in its fallback chain when trying to work out where to
write the cache.   (CVE-2017-0367)  The following fix is for the SyntaxHighlight
extension:  * (T158689) Parameters injection in SyntaxHighlight results in
multiple vulnerabilities.   (CVE-2017-0372)
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade mediawiki' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 25: mediawiki Security Update

April 15, 2017
* (T109140) (T122209) Special:UserLogin and Special:Search allow redirect to interwiki links

Summary

MediaWiki is the software used for Wikipedia and the other Wikimedia

Foundation websites. Compared to other wikis, it has an excellent

range of features and support for high-traffic websites using multiple

servers

This package supports wiki farms. Read the instructions for creating wiki

instances under /usr/share/doc/mediawiki/README.RPM.

Remember to remove the config dir after completing the configuration.

* (T109140) (T122209) Special:UserLogin and Special:Search allow redirect to

interwiki links. (CVE-2017-0363, CVE-2017-0364) * (T144845) XSS in

SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true.

(CVE-2017-0365) * (T125177) API parameters may now be marked as "sensitive" to

keep their values out of the logs. (CVE-2017-0361) * (T150044) "Mark all

pages visited" on the watchlist now requires a CSRF token. (CVE-2017-0362) *

(T156184) Escape content model/format url parameter in message.

(CVE-2017-0368) * (T151735) SVG filter evasion using default attribute values in

DTD declaration. (CVE-2017-0366) * (T48143) Spam blacklist ineffective on

encoded URLs inside file inclusion syntax's link parameter. (CVE-2017-0370) *

(T108138) Sysops can undelete pages, although the page is protected against

it. (CVE-2017-0369) The following only affects 1.27 and above and is not

included in the 1.23 upgrade: * (T161453) LocalisationCache will no longer use

the temporary directory in its fallback chain when trying to work out where to

write the cache. (CVE-2017-0367) The following fix is for the SyntaxHighlight

extension: * (T158689) Parameters injection in SyntaxHighlight results in

multiple vulnerabilities. (CVE-2017-0372)

su -c 'dnf upgrade mediawiki' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

FEDORA-2017-3fb95ed01f 2017-04-15 18:25:31.200657 Product : Fedora 25 Version : 1.27.2 Release : 1.fc25 URL : https://www.mediawiki.org/wiki/MediaWiki Summary : A wiki engine Description : MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. * (T109140) (T122209) Special:UserLogin and Special:Search allow redirect to interwiki links. (CVE-2017-0363, CVE-2017-0364) * (T144845) XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true. (CVE-2017-0365) * (T125177) API parameters may now be marked as "sensitive" to keep their values out of the logs. (CVE-2017-0361) * (T150044) "Mark all pages visited" on the watchlist now requires a CSRF token. (CVE-2017-0362) * (T156184) Escape content model/format url parameter in message. (CVE-2017-0368) * (T151735) SVG filter evasion using default attribute values in DTD declaration. (CVE-2017-0366) * (T48143) Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter. (CVE-2017-0370) * (T108138) Sysops can undelete pages, although the page is protected against it. (CVE-2017-0369) The following only affects 1.27 and above and is not included in the 1.23 upgrade: * (T161453) LocalisationCache will no longer use the temporary directory in its fallback chain when trying to work out where to write the cache. (CVE-2017-0367) The following fix is for the SyntaxHighlight extension: * (T158689) Parameters injection in SyntaxHighlight results in multiple vulnerabilities. (CVE-2017-0372) su -c 'dnf upgrade mediawiki' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 25
Version : 1.27.2
Release : 1.fc25
URL : https://www.mediawiki.org/wiki/MediaWiki
Summary : A wiki engine

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved