Debian Linux Security Advisory 4767-1 - Multiple security issues were discovered in MediaWiki, a website engine existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts.
c8613614ee7c9f1ac6af0506b3a755746764aa0c99cca5c2deba55fe743bab14-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4767-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 25, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : mediawiki
CVE ID : CVE-2020-15005 CVE-2020-25812 CVE-2020-25813 CVE-2020-25814
CVE-2020-25815 CVE-2020-25827 CVE-2020-25828
Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work: SpecialUserRights could leak whether a user
existed or not, multiple code paths lacked HTML sanitisation allowing
for cross-site scripting and TOTP validation applied insufficient rate
limiting against brute force attempts.
For the stable distribution (buster), these problems have been fixed in
version 1:1.31.10-1~deb10u1.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9uK7EACgkQEMKTtsN8
TjYZIQ//Xmlayc3RkqA0XDHm9VV1y7tSfQpKzbF0nWFF5Yry8K8BLsuSz24t3g02
iJUFce5pIalU1mtMOjqf5qd+ZVqZHUJ1MIouXnUwLONSXVYOs5T2ddh50aN/B7wt
r+hIk7mQS5Wtq1gMwVXgrcmefFQMzMMp/zLxFaIKrkQt9eHvPQKh7yixvSKHf0Li
3VSmHaYJwTDGc8VAuebebU/JsG3wLzJgsInC5nG1KPdaFWW9Mz3XGW15n9X02MYC
t0l10sI6yo/QNwf3W0lZ49BqMitH0SNwK7KpKPGWc4WwrdcCQRMkx2oYIQ6diMb9
8m6/PDUOy+flEPym3P+ZSgj0G20WLXrdPEgqeASsDZeiRJPVeQOMXKu+c76tXCsF
6lLpTS3nrg0L6RpqxkF2hftGhA+WilKtHuIVmjN+JPR3bJeXOgYu5y6LryoYaKNv
ppIbUinTYNdul7EZdUSZwmvwLqLJLcHCHXTEiSCQJ8no6VUjOI1zis3xVp2dP2yW
k5gJkl+b6AGi4A+nR/ySE28YfEK/hG03zEHZ8VnrrjLA/uPYfWJgxkCYmeSMz9v1
eTjQhpe7tJYQzs0myGOm/QoxF+QuOEqrhJTJMSMFswOZhKk3TM1dBtSCIw9gABNB
eC12yeS4Lf2ZlXfo9au2gjb7rJXjGqhugfRfAeohcMe/1s+303Y=
=N41l
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed