Lucene search

K
debianDebianDEBIAN:DLA-3117-1:F4E45
HistorySep 22, 2022 - 2:38 p.m.

[SECURITY] [DLA 3117-1] mediawiki security update

2022-09-2214:38:08
lists.debian.org
19
mediawiki
security update
debian 10
cve-2021-44856
cve-2022-28201
xss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

Low

EPSS

0.004

Percentile

74.2%


Debian LTS Advisory DLA-3117-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
September 22, 2022 https://wiki.debian.org/LTS

Package : mediawiki
Version : 1:1.31.16-1+deb10u3
CVE ID : CVE-2021-44856 CVE-2022-28201 CVE-2022-28202 CVE-2022-28203
CVE-2022-34911 CVE-2022-34912

Several security vulnerabilities were discovered in mediawiki, a website engine
for collaborative work. Insufficiently escaped input text may allow a malicious
user to perform cross-site-scripting (XSS) attacks.

For Debian 10 buster, these problems have been fixed in version
1:1.31.16-1+deb10u3.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

Low

EPSS

0.004

Percentile

74.2%