advisories/29531.adv

type: security
subject: Updated mediawiki packages fix security vulnerability
CVE:
 - CVE-2021-41798
 - CVE-2021-41799
 - CVE-2021-41800
 - CVE-2021-41801
src:
  8:
   core:
     - mediawiki-1.35.4-1.mga8
description: |
  XSS vulnerability in Special:Search. (CVE-2021-41798)
  ApiQueryBacklinks can cause a full table scan. (CVE-2021-41799)
  Fix PoolCounter protection of Special:Contributions. (CVE-2021-41800)
  ReplaceText continues performing actions if the user no longer has the
  correct permission (such as by being blocked). (CVE-2021-41801)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=29531
 - https://www.debian.org/security/2021/dsa-4979
 - https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
ID: MGASA-2021-0477
1	type: security
2	subject: Updated mediawiki packages fix security vulnerability
3	CVE:
4	- CVE-2021-41798
5	- CVE-2021-41799
6	- CVE-2021-41800
7	- CVE-2021-41801
8	src:
9	8:
10	core:
11	- mediawiki-1.35.4-1.mga8
12	description: \|
13	XSS vulnerability in Special:Search. (CVE-2021-41798)
14	ApiQueryBacklinks can cause a full table scan. (CVE-2021-41799)
15	Fix PoolCounter protection of Special:Contributions. (CVE-2021-41800)
16	ReplaceText continues performing actions if the user no longer has the
17	correct permission (such as by being blocked). (CVE-2021-41801)
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=29531
20	- https://www.debian.org/security/2021/dsa-4979
21	- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
22	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
23	ID: MGASA-2021-0477