Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0110)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2017.0110

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2017-0110)

Zusammenfassung: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2017-0110 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2017-0110 advisory.

Vulnerability Insight:
API parameters may now be marked as 'sensitive' to keep their values out
of the logs (CVE-2017-0361).

'Mark all pages visited' on the watchlist now requires a CSRF token
(CVE-2017-0362).

Special:UserLogin and Special:Search allow redirect to interwiki links
(CVE-2017-0363, CVE-2017-0364).

XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true (CVE-2017-0365).

SVG filter evasion using default attribute values in DTD declaration
(CVE-2017-0366).

Escape content model/format url parameter in message (CVE-2017-0368).

Sysops can undelete pages, although the page is protected against it
(CVE-2017-0369).

Spam blacklist ineffective on encoded URLs inside file inclusion syntax's
link parameter (CVE-2017-0370).

Affected Software/OS:
'mediawiki' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-0361
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
http://www.securitytracker.com/id/1039812
Common Vulnerability Exposure (CVE) ID: CVE-2017-0362
Common Vulnerability Exposure (CVE) ID: CVE-2017-0363
Common Vulnerability Exposure (CVE) ID: CVE-2017-0364
Common Vulnerability Exposure (CVE) ID: CVE-2017-0365
Common Vulnerability Exposure (CVE) ID: CVE-2017-0366
Common Vulnerability Exposure (CVE) ID: CVE-2017-0368
Common Vulnerability Exposure (CVE) ID: CVE-2017-0369
Common Vulnerability Exposure (CVE) ID: CVE-2017-0370

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0110
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0110)
Zusammenfassung:	The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2017-0110 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2017-0110 advisory. Vulnerability Insight: API parameters may now be marked as 'sensitive' to keep their values out of the logs (CVE-2017-0361). 'Mark all pages visited' on the watchlist now requires a CSRF token (CVE-2017-0362). Special:UserLogin and Special:Search allow redirect to interwiki links (CVE-2017-0363, CVE-2017-0364). XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true (CVE-2017-0365). SVG filter evasion using default attribute values in DTD declaration (CVE-2017-0366). Escape content model/format url parameter in message (CVE-2017-0368). Sysops can undelete pages, although the page is protected against it (CVE-2017-0369). Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter (CVE-2017-0370). Affected Software/OS: 'mediawiki' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-0361 https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html http://www.securitytracker.com/id/1039812 Common Vulnerability Exposure (CVE) ID: CVE-2017-0362 Common Vulnerability Exposure (CVE) ID: CVE-2017-0363 Common Vulnerability Exposure (CVE) ID: CVE-2017-0364 Common Vulnerability Exposure (CVE) ID: CVE-2017-0365 Common Vulnerability Exposure (CVE) ID: CVE-2017-0366 Common Vulnerability Exposure (CVE) ID: CVE-2017-0368 Common Vulnerability Exposure (CVE) ID: CVE-2017-0369 Common Vulnerability Exposure (CVE) ID: CVE-2017-0370
Copyright	Copyright (C) 2022 Greenbone AG