Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia: 2022-0145 Moderate: Mediawiki DoS and Recursion Issue

mageia
Calendar Grey April 18, 2022
Dist Mageia Esm H88
Mageia 2022-0146 resolves vulnerabilities in mediawiki, targeting denial-of-service exploits and issues related to infinite loops.
Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki (CVE-2022-28201)

Summary

Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki (CVE-2022-28201).
Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete (CVE-2022-28202).
Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS (CVE-2022-28203).
Special:WhatLinksHere can result in a DoS when a page is used on a extremely large number of other pages (CVE-2022-28204).

References

- https://bugs.mageia.org/show_bug.cgi?id=30231

- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/

- https://www.cve.org/CVERecord?id=CVE-2022-28201

- https://www.cve.org/CVERecord?id=CVE-2022-28202

- https://www.cve.org/CVERecord?id=CVE-2022-28203

- https://www.cve.org/CVERecord?id=CVE-2022-28204

Topics%20covered

Topics Covered

security advisory security issue DoS mediawiki Mageia recursion flaw

Resolution

SRPMS

- 8/core/mediawiki-1.35.6-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 18 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0145.html
Type: security
CVE: CVE-2022-28201, CVE-2022-28202, CVE-2022-28203, CVE-2022-28204

Topics%20covered

Topics Covered

security advisory security issue DoS mediawiki Mageia recursion flaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here