Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-2648-2:FD037
HistoryMay 06, 2021 - 7:48 p.m.

[SECURITY] [DLA 2648-2] mediawiki regression update

2021-05-0619:48:46
lists.debian.org
48

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.5%

JSON

Debian LTS Advisory DLA-2648-2 [email protected]
https://www.debian.org/lts/security/ Abhijith PA
May 07, 2021 https://wiki.debian.org/LTS

Package : mediawiki
Version : 1:1.27.7-1~deb9u9
CVE ID : CVE-2021-20270 CVE-2021-27291 CVE-2021-30152
CVE-2021-30155 CVE-2021-30158 CVE-2021-30159
Debian Bug : 985574 984664

The patch from latest upstream release to address CVE-2021-30152 was
not portable to stretch-security version causing MediaWiki APIs to
fail. This update includes a patch from upstream REL_31 release which
fix the issue.

For Debian 9 stretch, this problem has been fixed in version
1:1.27.7-1~deb9u9.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Related

nessus 43
osv 29
mageia 2
debian 6
altlinux 1
fedora 4
oraclelinux 3
rocky 3
almalinux 3
freebsd 1
redhat 5
ubuntu 3
gentoo 1
veracode 6
ubuntucve 6
debiancve 6
prion 6
redhatcve 6
cve 6
suse 4
alpinelinux 2
cbl_mariner 4
github 2
amazon 2
photon 4
kitploit 1
ibm 3
nessus
nessus
Debian DLA-2648-2 : mediawiki regression update
2021-05-07 00:00:00
Debian DSA-4889-1 : mediawiki - security update
2021-04-12 00:00:00
CentOS 8 : resource-agents (CESA-2021:4139)
2021-11-11 00:00:00
osv
osv
mediawiki - security update
2021-05-05 00:00:00
mediawiki - security update
2021-04-10 00:00:00
Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2021-05-23 04:30:51
Updated python-pygments packages fix a security vulnerability
2021-06-14 00:32:39
debian
debian
[SECURITY] [DLA 2648-1] mediawiki security update
2021-05-05 05:43:33
[SECURITY] [DSA 4889-1] mediawiki security update
2021-04-10 15:46:54
[SECURITY] [DSA 4870-1] pygments security update
2021-03-12 21:43:51
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.35.2-alt1
2021-04-24 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: mediawiki-1.35.2-1.fc33
2021-04-21 21:41:50
[SECURITY] Fedora 34 Update: mediawiki-1.35.2-1.fc34
2021-04-24 20:24:48
[SECURITY] Fedora 32 Update: python-pygments-2.4.2-9.fc32
2021-05-06 00:58:53
oraclelinux
oraclelinux
python36:3.6 security and bug fix update
2021-11-16 00:00:00
resource-agents security update
2021-11-19 00:00:00
python27:2.7 security update
2021-11-16 00:00:00
rocky
rocky
python36:3.6 security and bug fix update
2021-11-09 08:24:37
resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
python27:2.7 security update
2021-11-09 08:24:39
almalinux
almalinux
Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
Moderate: python27:2.7 security update
2021-11-09 08:24:39
freebsd
freebsd
py-pygments -- multiple DoS vulnerabilities
2021-03-17 00:00:00
redhat
redhat
(RHSA-2021:4139) Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
(RHSA-2021:4150) Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
(RHSA-2021:0781) Moderate: Red Hat Ansible Automation Platform 1.2.2 security and bug fix update
2021-03-09 15:08:01
ubuntu
ubuntu
Pygments vulnerabilities
2023-08-14 00:00:00
Pygments vulnerability
2021-03-30 00:00:00
Pygments vulnerability
2021-03-22 00:00:00
gentoo
gentoo
MediaWiki: Multiple vulnerabilities
2021-07-17 00:00:00
veracode
veracode
Privilege Escalation
2021-04-10 04:45:09
Insecure Session Management
2021-04-07 06:00:07
Insecure Access Control
2021-04-10 04:44:58
ubuntucve
ubuntucve
CVE-2021-30159
2021-04-09 00:00:00
CVE-2021-30158
2021-04-06 00:00:00
CVE-2021-30155
2021-04-09 00:00:00
debiancve
debiancve
CVE-2021-30159
2021-04-09 07:15:00
CVE-2021-30158
2021-04-06 07:15:00
CVE-2021-30155
2021-04-09 07:15:00
prion
prion
Design/Logic Flaw
2021-04-06 07:15:00
Design/Logic Flaw
2021-04-09 07:15:00
Code injection
2021-04-09 07:15:00
redhatcve
redhatcve
CVE-2021-30158
2021-04-06 17:51:21
CVE-2021-30159
2021-04-12 16:47:01
CVE-2021-30155
2021-04-12 16:49:36
cve
cve
CVE-2021-30158
2021-04-06 07:15:00
CVE-2021-30155
2021-04-09 07:15:00
CVE-2021-30159
2021-04-09 07:15:00
suse
suse
Security update for python-Pygments (important)
2021-10-31 00:00:00
Security update for python-Pygments (important)
2021-12-03 00:00:00
Security update for python-Pygments (important)
2021-12-01 00:00:00
alpinelinux
alpinelinux
CVE-2021-20270
2021-03-23 17:15:00
CVE-2021-27291
2021-03-17 13:15:00
cbl_mariner
cbl_mariner
CVE-2021-20270 affecting package python-pygments 2.4.2-6
2021-04-06 23:50:13
CVE-2021-20270 affecting package python-pygments 2.4.2-7
2022-04-09 06:51:44
CVE-2021-27291 affecting package python-pygments 2.4.2-6
2021-04-06 23:50:13
github
github
Infinite Loop in Pygments
2021-04-20 16:35:47
Pygments vulnerable to Regular Expression Denial of Service (ReDoS)
2021-03-29 16:33:03
amazon
amazon
Medium: python-pygments
2023-08-03 18:10:00
Medium: python3-pygments
2023-07-05 22:01:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0253
2021-06-15 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0253
2021-06-16 00:00:00
Critical Photon OS Security Update - PHSA-2021-0047
2021-06-16 00:00:00
kitploit
kitploit
Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)
2021-07-20 12:30:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2022-10-25 14:32:34
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
2023-01-19 13:54:16
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.5%

JSON
Related for DEBIAN:DLA-2648-2:FD037
nessus43osv29mageia2debian6altlinux1fedora4oraclelinux3rocky3almalinux3freebsd1redhat5ubuntu3gentoo1veracode6ubuntucve6debiancve6prion6redhatcve6cve6suse4alpinelinux2cbl_mariner4github2amazon2photon4kitploit1ibm3