Fedora 37: mediawiki 2023-30a7a812f0 | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-30a7a812f0
2023-01-27 08:54:44.218425
--------------------------------------------------------------------------------

Name        : mediawiki
Product     : Fedora 37
Version     : 1.38.5
Release     : 1.fc37
URL         : https://www.mediawiki.org/
Summary     : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers

This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.

--------------------------------------------------------------------------------
Update Information:

https://www.mediawiki.org/wiki/Release_notes/1.38
https://lists.wikimedia.org/hyperkitty/list/mediawiki-
[email protected]/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 18 2023 Michael Cronenworth  - 1.38.5-1
- Update to 1.38.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2156317 - CVE-2021-44854 mediawiki: Rest API incorrectly publicly caches results from private wikis [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2156317
  [ 2 ] Bug #2156319 - CVE-2021-44855 mediawiki: Blind Stored XSS via Upload Image via URL [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2156319
  [ 3 ] Bug #2156327 - CVE-2021-44856 mediawiki: Title blocked in AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook return value [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2156327
  [ 4 ] Bug #2156330 - CVE-2022-41765 mediawiki: HTMLUserTextField exposes existence of hidden users [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2156330
  [ 5 ] Bug #2156332 - CVE-2022-41767 mediawiki: reassignEdits doesn't update results in an IP range check on Special:Contributions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2156332
  [ 6 ] Bug #2160626 - CVE-2022-47927 mediawiki: sqlite information leak [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2160626
  [ 7 ] Bug #2161176 - CVE-2023-22945 mediawiki: GrowthExperiments growthmanagementorlist API allows blocked users to enroll as mentors [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2161176
  [ 8 ] Bug #2161180 - CVE-2023-22911 mediawiki: XSS in widget placement [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2161180
  [ 9 ] Bug #2161187 - CVE-2023-22909 mediawiki: Remote DoS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2161187
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-30a7a812f0' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: mediawiki 2023-30a7a812f0

January 27, 2023
https://www.mediawiki.org/wiki/Release_notes/1.38 https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

Summary

MediaWiki is the software used for Wikipedia and the other Wikimedia

Foundation websites. Compared to other wikis, it has an excellent

range of features and support for high-traffic websites using multiple

servers

This package supports wiki farms. Read the instructions for creating wiki

instances under /usr/share/doc/mediawiki/README.RPM.

Remember to remove the config dir after completing the configuration.

Update Information:

https://www.mediawiki.org/wiki/Release_notes/1.38 https://lists.wikimedia.org/hyperkitty/list/mediawiki- [email protected]/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

Change Log

* Wed Jan 18 2023 Michael Cronenworth - 1.38.5-1 - Update to 1.38.5

References

[ 1 ] Bug #2156317 - CVE-2021-44854 mediawiki: Rest API incorrectly publicly caches results from private wikis [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2156317 [ 2 ] Bug #2156319 - CVE-2021-44855 mediawiki: Blind Stored XSS via Upload Image via URL [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2156319 [ 3 ] Bug #2156327 - CVE-2021-44856 mediawiki: Title blocked in AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of EditFilterMergedContent hook return value [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2156327 [ 4 ] Bug #2156330 - CVE-2022-41765 mediawiki: HTMLUserTextField exposes existence of hidden users [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2156330 [ 5 ] Bug #2156332 - CVE-2022-41767 mediawiki: reassignEdits doesn't update results in an IP range check on Special:Contributions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2156332 [ 6 ] Bug #2160626 - CVE-2022-47927 mediawiki: sqlite information leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2160626 [ 7 ] Bug #2161176 - CVE-2023-22945 mediawiki: GrowthExperiments growthmanagementorlist API allows blocked users to enroll as mentors [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2161176 [ 8 ] Bug #2161180 - CVE-2023-22911 mediawiki: XSS in widget placement [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2161180 [ 9 ] Bug #2161187 - CVE-2023-22909 mediawiki: Remote DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2161187

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-30a7a812f0' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : mediawiki
Product : Fedora 37
Version : 1.38.5
Release : 1.fc37
URL : https://www.mediawiki.org/
Summary : A wiki engine

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy