it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4767-1] mediawiki security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4767-1] mediawiki security update
Date: Fri, 25 Sep 2020 17:43:05 +0000
List-archive: https://lists.debian.org/msgid-search/20200925174305.GA26596 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=5TozZrNqoDx4XpuUyF90aBOYCYjNITMIJ2QyhhsQh9k=; b=Uo aakFAJ4jlVttY9fkYZQZwhI2E6LY9iry/39UtVbUZSQh7E6n9G00l8iQuKbvwkY7wCQksysQ1GMLU FjHXDmNJ7APq5RCNByKXKDYgb+KJ/TJXbV2pZAm6Fk5kNQJCA1TQaL2cKQjteAQFkFxRpHOGKaWZ/ Mm7sdyDqp/tRe1NKLx79ifS4SyD09YPkNuQW/qcHHkRGsla8YWzTO8EnmMI98l4pLOB9ITv+HMT/V /r6qW1RJz3MCeFQAT7SuG/xyU8Ilie5rsC97cqrtuiblMEPO/cKDFaRi/ADuNWU0TZE6rzNkYm/Xy GsTZLbrEqUbxMaiO5xNf2pYQWtmy5zrw==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Fri, 25 Sep 2020 17:43:22 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <BTgosjXJ70O.A.pAF.6wibfB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4767-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 25, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mediawiki
CVE ID : CVE-2020-15005 CVE-2020-25812 CVE-2020-25813 CVE-2020-25814
CVE-2020-25815 CVE-2020-25827 CVE-2020-25828

Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work: SpecialUserRights could leak whether a user
existed or not, multiple code paths lacked HTML sanitisation allowing
for cross-site scripting and TOTP validation applied insufficient rate
limiting against brute force attempts.

For the stable distribution (buster), these problems have been fixed in
version 1:1.31.10-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9uK7EACgkQEMKTtsN8
TjYZIQ//Xmlayc3RkqA0XDHm9VV1y7tSfQpKzbF0nWFF5Yry8K8BLsuSz24t3g02
iJUFce5pIalU1mtMOjqf5qd+ZVqZHUJ1MIouXnUwLONSXVYOs5T2ddh50aN/B7wt
r+hIk7mQS5Wtq1gMwVXgrcmefFQMzMMp/zLxFaIKrkQt9eHvPQKh7yixvSKHf0Li
3VSmHaYJwTDGc8VAuebebU/JsG3wLzJgsInC5nG1KPdaFWW9Mz3XGW15n9X02MYC
t0l10sI6yo/QNwf3W0lZ49BqMitH0SNwK7KpKPGWc4WwrdcCQRMkx2oYIQ6diMb9
8m6/PDUOy+flEPym3P+ZSgj0G20WLXrdPEgqeASsDZeiRJPVeQOMXKu+c76tXCsF
6lLpTS3nrg0L6RpqxkF2hftGhA+WilKtHuIVmjN+JPR3bJeXOgYu5y6LryoYaKNv
ppIbUinTYNdul7EZdUSZwmvwLqLJLcHCHXTEiSCQJ8no6VUjOI1zis3xVp2dP2yW
k5gJkl+b6AGi4A+nR/ySE28YfEK/hG03zEHZ8VnrrjLA/uPYfWJgxkCYmeSMz9v1
eTjQhpe7tJYQzs0myGOm/QoxF+QuOEqrhJTJMSMFswOZhKk3TM1dBtSCIw9gABNB
eC12yeS4Lf2ZlXfo9au2gjb7rJXjGqhugfRfAeohcMe/1s+303Y=
=N41l
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4767-1] mediawiki security update, Moritz Muehlenhoff, 25.09.2020

Archiv bereitgestellt durch MHonArc 2.6.19.