Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 8: 2021-0477 Critical: MediaWiki XSS And Permissions Fixes

mageia
Calendar Grey October 13, 2021
Dist Mageia Esm H88
Recent updates to MediaWiki in Mageia tackle vulnerabilities related to XSS and permission errors, with several CVEs released on October 13, 2021.
XSS vulnerability in Special:Search

Summary

XSS vulnerability in Special:Search. (CVE-2021-41798) ApiQueryBacklinks can cause a full table scan. (CVE-2021-41799) Fix PoolCounter protection of Special:Contributions. (CVE-2021-41800) ReplaceText continues performing actions if the user no longer has the correct permission (such as by being blocked). (CVE-2021-41801)

References

- https://bugs.mageia.org/show_bug.cgi?id=29531

- https://lists.debian.org/debian-security-announce/2021/msg00164.html

- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/

- https://www.cve.org/CVERecord?id=CVE-2021-41798

- https://www.cve.org/CVERecord?id=CVE-2021-41799

- https://www.cve.org/CVERecord?id=CVE-2021-41800

- https://www.cve.org/CVERecord?id=CVE-2021-41801

Topics%20covered

Topics Covered

security advisory critical software update xss permission issue mediawiki mageia

Resolution

SRPMS

- 8/core/mediawiki-1.35.4-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 13 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0477.html
Type: security
CVE: CVE-2021-41798, CVE-2021-41799, CVE-2021-41800, CVE-2021-41801

Topics%20covered

Topics Covered

security advisory critical software update xss permission issue mediawiki mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here