Linux Security

    Mageia 2021-0086: mediawiki security update

    Date 19 Feb 2021
    Posted By LinuxSecurity Advisories
    MGASA-2021-0086 - Updated mediawiki packages fix security vulnerability
    
    Publication date: 19 Feb 2021
    URL: https://advisories.mageia.org/MGASA-2021-0086.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-35475,
         CVE-2020-35477,
         CVE-2020-35479,
         CVE-2020-35480
    
    In MediaWiki before 1.31.11, the messages userrights-expiry-current and
    userrights-expiry-none can contain raw HTML. XSS can happen when a user visits
    Special:UserRights but does not have rights to change all userrights, and the
    table on the left side has unchangeable groups in it. The right column with
    the changeable groups is not affected and is escaped correctly
    (CVE-2020-35475).
    
    MediaWiki before 1.31.11 blocks legitimate attempts to hide log entries in
    some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main
    Page, visits a log entry on Special:Log, and toggles the "Change visibility of
    selected log entries" checkbox (or a tags checkbox) next to it, there is a
    redirection to the main page's action=historysubmit instead of the desired
    behavior in which a revision-deletion form appears (CVE-2020-35477).
    
    MediaWiki before 1.31.11 allows XSS via BlockLogFormatter.php.
    Language::translateBlockExpiry itself does not escape in all code paths. For
    example, the return of Language::userTimeAndDate is always unsafe for HTML
    in a month value (CVE-2020-35479).
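    Both CVE-2020-35475 and CVE-2020-35479 come down to the same defect: text that
    is not guaranteed to be HTML-safe (a customisable interface message, or a
    formatted date) is concatenated into page markup without escaping. The
    following is an added illustration of that pattern and its fix in plain
    Python, not MediaWiki code; the message keys are the ones named in the
    advisory, but the sample message bodies, the table layout and the function
    names are constructed for the example.

```python
import html

# Constructed sample messages. On a wiki these are editable by administrators,
# so their content must be treated as untrusted text, not as markup.
SAMPLE_MESSAGES = {
    "userrights-expiry-none": "does not expire",
    "userrights-expiry-current": "expires <b>$1</b>",  # markup left in to show it survives
}


def _expiry_text(expiry, messages):
    """Pick the message for a group's expiry and substitute the $1 parameter."""
    if expiry is None:
        return messages["userrights-expiry-none"]
    return messages["userrights-expiry-current"].replace("$1", expiry)


def render_group_row_unsafe(group, expiry, messages=SAMPLE_MESSAGES):
    """Mirrors the defect described in the advisory: the expiry message is
    dropped into the table cell as raw HTML, so any markup in the message
    (or in a value substituted into it) is rendered by the browser."""
    text = _expiry_text(expiry, messages)
    return f"<tr><td>{html.escape(group)}</td><td>{text}</td></tr>"


def render_group_row_safe(group, expiry, messages=SAMPLE_MESSAGES):
    """Hardened form: the message is treated as plain text and escaped once,
    after parameter substitution, so neither the message nor the substituted
    value can contribute tags or attributes to the page."""
    text = _expiry_text(expiry, messages)
    return f"<tr><td>{html.escape(group)}</td><td>{html.escape(text)}</td></tr>"


def cell_contains_raw_markup(row):
    """Defender-side check usable in a unit test: True if the expiry cell still
    contains an unescaped '<' after rendering."""
    cell = row.split("<td>")[2].split("</td>")[0]
    return "<" in cell


if __name__ == "__main__":
    for renderer in (render_group_row_unsafe, render_group_row_safe):
        row = renderer("sysop", "2021-03-01")
        print(renderer.__name__, "->", row, "| raw markup:", cell_contains_raw_markup(row))
```

    The escape is applied to the whole substituted string rather than only to the
    parameter, because the message body itself is the untrusted part here; a
    date value that is "always unsafe for HTML", as the advisory puts it for
    CVE-2020-35479, is covered by the same single escape at the point of output.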
    
    An issue was discovered in MediaWiki before 1.31.11. Missing users (accounts
    that don't exist) and hidden users (accounts that have been explicitly hidden
    due to being abusive, or similar) that the viewer cannot see are handled
    differently, exposing sensitive information about the hidden status to
    unprivileged viewers. This exists on various code paths (CVE-2020-35480).
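    CVE-2020-35480 is an information-disclosure oracle: an unprivileged viewer
    receives one response for an account that does not exist and a different one
    for an account that exists but is hidden from them, which reveals the hidden
    status the viewer is not supposed to learn. The block below is an added
    illustration of that pattern and of the uniform-response fix, written in
    plain Python and not taken from MediaWiki; the user table, the response
    shapes and the function names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    hidden: bool  # account suppressed from ordinary viewers, e.g. for abuse


# Constructed user table: one ordinary account and one hidden account.
USERS = {
    "Alice": User("Alice", hidden=False),
    "Mallory": User("Mallory", hidden=True),
}


def describe_user_leaky(name, viewer_can_see_hidden, users=USERS):
    """Mirrors the defect in the advisory: a missing account and a hidden
    account the viewer may not see take different code paths and therefore
    produce distinguishable responses."""
    user = users.get(name)
    if user is None:
        return {"status": 404, "message": "No such user"}
    if user.hidden and not viewer_can_see_hidden:
        return {"status": 403, "message": "You cannot view this user"}
    return {"status": 200, "message": f"User {user.name}", "hidden": user.hidden}


def describe_user_uniform(name, viewer_can_see_hidden, users=USERS):
    """Hardened form: a hidden account the viewer is not entitled to see is
    handled on exactly the same path as a missing account, so the response
    carries no signal about hidden status. Privileged viewers still see it."""
    user = users.get(name)
    if user is None or (user.hidden and not viewer_can_see_hidden):
        return {"status": 404, "message": "No such user"}
    return {"status": 200, "message": f"User {user.name}", "hidden": user.hidden}


def leaks_hidden_status(describe, missing="Nobody", hidden="Mallory", users=USERS):
    """Regression check for a defender's test suite: True if an unprivileged
    viewer can tell a hidden account apart from a missing one by the response."""
    return describe(missing, False, users) != describe(hidden, False, users)


if __name__ == "__main__":
    for describe in (describe_user_leaky, describe_user_uniform):
        print(describe.__name__, "leaks hidden status:", leaks_hidden_status(describe))
```

    The advisory notes the issue "exists on various code paths", which is the
    practical lesson: the uniform response has to be enforced wherever a user is
    looked up, so a single shared resolver (as in describe_user_uniform) is
    preferable to repeating the visibility check at each call site.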
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27781
    - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html
    - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000269.html
    - https://www.debian.org/security/2020/dsa-4816
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35475
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35477
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35479
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35480
    
    SRPMS:
    - 7/core/mediawiki-1.31.12-1.mga7
    