Mageia 2024-0155: mediawiki Security Advisory Updates
Summary
Mediawiki v1.40.0 does not validate namespaces used in XML files.
Therefore, if the instance administrator allows XML file uploads, a
remote attacker with a low-privileged user account can use this exploit
to become an administrator by sending a malicious link to the instance
administrator. (CVE-2023-3550)
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through
1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in
youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This
is related to MediaWiki:Youhavenewmessagesfromusers. (CVE-2023-45360)
An issue was discovered in DifferenceEngine.php in MediaWiki before
1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
diff-multi-sameuser (aka "X intermediate revisions by the same user not
shown") ignores username suppression. This is an information leak.
(CVE-2023-45362)
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12,
1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows
attackers to cause a denial of service (unbounded loop and
RequestTimeoutException) when querying pages redirected to other
variants with redirects and converttitles set. (CVE-2023-45363)
An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x
through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision
existence is leaked due to incorrect permissions being checked. This
reveals that a given revision ID belonged to the given page title, and
its timestamp, both of which are not supposed to be public information.
(CVE-2023-45364)
An issue was discovered in MediaWiki before 1.35.14, 1.36.x through
1.39.x before 1.39.6, and 1.40.x before 1.40.2. In
includes/logging/RightsLogFormatter.php, group-*-member messages can
result in XSS on Special:log/rights. (CVE-2023-51704)
References
- https://bugs.mageia.org/show_bug.cgi?id=33156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45359
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45361
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45364
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51704
Resolution
MGASA-2024-0155 - Updated mediawiki packages fix security vulnerabilities
SRPMS
- 9/core/mediawiki-1.35.14-1.mga9