Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Warning: Undefined array key "Description" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 220

Fedora 35: 2021-bef1126908 Moderate: MediaWiki XSS Threat Mitigation

fedora
Calendar Grey January 7, 2022
Dist Fedora Esm H88
Upgrading MediaWiki on Fedora 35 is crucial for security and XSS vulnerability fixes. This guide covers backup, updates, and testing procedures for the upgrade
https://www.mediawiki.org/wiki/Release_notes/1.36#MediaWiki_1.36.3

Summary

MediaWiki is the software used for Wikipedia and the other Wikimedia

Foundation websites. Compared to other wikis, it has an excellent

range of features and support for high-traffic websites using multiple

servers

This package supports wiki farms. Read the instructions for creating wiki

instances under /usr/share/doc/mediawiki/README.RPM.

Remember to remove the config dir after completing the configuration.

* Wed Dec 29 2021 Michael Cronenworth - 1.36.3-1

- Update to 1.36.3

[ 1 ] Bug #2036080 - CVE-2021-45471 mediawiki: blocked IP addresses are allowed to edit EntitySchema items [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2036080

[ 2 ] Bug #2036083 - CVE-2021-45472 mediawiki: XSS in Wikibase using formatter URL [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2036083

[ 3 ] Bug #2036088 - CVE-2021-45473 mediawiki: XSS on page information Wikibase central description [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2036088

[ 4 ] Bug #2036090 - CVE-2021-45474 mediawiki: XSS in Special:ImportFile URL [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2036090

su -c 'dnf upgrade --advisory FEDORA-2021-bef1126908' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory software update Fedora XSS issue MediaWiki issue mitigation

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 1.36.3
Release: 1.fc35
URL: https://www.mediawiki.org/wiki/MediaWiki
Summary: A wiki engine

Topics%20covered

Topics Covered

security advisory software update Fedora XSS issue MediaWiki issue mitigation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here