Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mehrere Probleme in mediawiki
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mediawiki
ID: FEDORA-2017-3fb95ed01f
Distribution: Fedora
Plattformen: Fedora 25
Datum: So, 16. April 2017, 10:07
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0363

Originalnachricht

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2017-3fb95ed01f
2017-04-15 18:25:31.200657
--------------------------------------------------------------------------------


Name : mediawiki
Product : Fedora 25
Version : 1.27.2
Release : 1.fc25
URL : http://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers

This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.

--------------------------------------------------------------------------------

Update Information:

* (T109140) (T122209) Special:UserLogin and Special:Search allow redirect to
interwiki links. (CVE-2017-0363, CVE-2017-0364) * (T144845) XSS in
SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is
true.
(CVE-2017-0365) * (T125177) API parameters may now be marked as
"sensitive" to
keep their values out of the logs. (CVE-2017-0361) * (T150044) "Mark
all
pages visited" on the watchlist now requires a CSRF token.
(CVE-2017-0362) *
(T156184) Escape content model/format url parameter in message.
(CVE-2017-0368) * (T151735) SVG filter evasion using default attribute values
in
DTD declaration. (CVE-2017-0366) * (T48143) Spam blacklist ineffective on
encoded URLs inside file inclusion syntax's link parameter.
(CVE-2017-0370) *
(T108138) Sysops can undelete pages, although the page is protected against
it. (CVE-2017-0369) The following only affects 1.27 and above and is not
included in the 1.23 upgrade: * (T161453) LocalisationCache will no longer
use
the temporary directory in its fallback chain when trying to work out where
to
write the cache. (CVE-2017-0367) The following fix is for the
SyntaxHighlight
extension: * (T158689) Parameters injection in SyntaxHighlight results in
multiple vulnerabilities. (CVE-2017-0372)
--------------------------------------------------------------------------------


This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade mediawiki' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung