Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 40: FEDORA-2024-2c564b942d Critical: php-wikimedia-cdb XSS Issues

fedora
Calendar Grey May 11, 2024
Dist Fedora Esm H88
Important security notice for php-wikimedia-cdb on Fedora 40 tackling various XSS vulnerabilities and denial of service concerns.
https://www.mediawiki.org/wiki/Release_notes/1.41

Summary

CDB, short for "constant database", refers to a very fast and highly reliable

database system which uses a simple file with key value pairs. This library

wraps the CDB functionality exposed in PHP via the dba_* functions. In cases

where dba_* functions are not present or are not compiled with CDB support,

a pure-PHP implementation is provided for falling back.

Update Information:

https://www.mediawiki.org/wiki/Release_notes/1.41

Topics%20covered

Topics Covered

security advisory denial of service Fedora XSS php-wikimedia-cdb

Change Log

* Fri May 3 2024 Michael Cronenworth - 3.0.0-1 - version update

References


[ 1 ] Bug #2240808 - CVE-2023-3550 mediawiki: stored XSS leads to privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2240808 [ 2 ] Bug #2241397 - mediawiki-1.41.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2241397 [ 3 ] Bug #2247804 - CVE-2023-45360 mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247804 [ 4 ] Bug #2247806 - CVE-2023-45362 mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247806 [ 5 ] Bug #2255583 - CVE-2023-51704 mediawiki: group-.*-member messages are not properly escaped on Special:log/rights [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2255583 [ 6 ] Bug #2261492 - php-oojs-oojs-ui: FTBFS in Fedora rawhide/f40 https://bugzilla.re...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2c564b942d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php-wikimedia-cdb
Product: Fedora 40
Version: 3.0.0
Release: 1.fc40
URL: http://www.mediawiki.org/wiki/CDB
Summary: CDB functions for PHP

Topics%20covered

Topics Covered

security advisory denial of service Fedora XSS php-wikimedia-cdb

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here