Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0218)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0218

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0218)

Resumen: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2021-0218 advisory.

Descripción: Summary:
The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2021-0218 advisory.

Vulnerability Insight:
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the 'exception' keyword (CVE-2021-20270).

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS) (CVE-2021-27291).

An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to 'protect' a page, a user is currently able to protect to a higher level than they currently have permissions for (CVE-2021-30152).

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page (CVE-2021-30155).

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party
(CVE-2021-30158).

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain 'fast double move' situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master (CVE-2021-30159).

Affected Software/OS:
'mediawiki' package(s) on Mageia 7, Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-20270
Debian Security Information: DSA-4889 (Google Search)
https://www.debian.org/security/2021/dsa-4889
https://bugzilla.redhat.com/show_bug.cgi?id=1922136
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-27291
Debian Security Information: DSA-4878 (Google Search)
https://www.debian.org/security/2021/dsa-4878
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/
https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-30152
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
https://security.gentoo.org/glsa/202107-40
https://phabricator.wikimedia.org/T270713
Common Vulnerability Exposure (CVE) ID: CVE-2021-30155
https://phabricator.wikimedia.org/T270988
Common Vulnerability Exposure (CVE) ID: CVE-2021-30158
https://phabricator.wikimedia.org/T277009
Common Vulnerability Exposure (CVE) ID: CVE-2021-30159
https://phabricator.wikimedia.org/T272386

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0218
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0218)
Resumen:	The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2021-0218 advisory.
Descripción:	Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2021-0218 advisory. Vulnerability Insight: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the 'exception' keyword (CVE-2021-20270). A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS) (CVE-2021-27291). An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to 'protect' a page, a user is currently able to protect to a higher level than they currently have permissions for (CVE-2021-30152). An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page (CVE-2021-30155). An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party (CVE-2021-30158). An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain 'fast double move' situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master (CVE-2021-30159). Affected Software/OS: 'mediawiki' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-20270 Debian Security Information: DSA-4889 (Google Search) https://www.debian.org/security/2021/dsa-4889 https://bugzilla.redhat.com/show_bug.cgi?id=1922136 https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2021-27291 Debian Security Information: DSA-4878 (Google Search) https://www.debian.org/security/2021/dsa-4878 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSJRFHALQ7E3UV4FFMFU2YQ6LUDHAI55/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSLD67LFGXOX2K5YNESSWAS4AGZIJTUQ/ https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14 https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html Common Vulnerability Exposure (CVE) ID: CVE-2021-30152 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/ https://security.gentoo.org/glsa/202107-40 https://phabricator.wikimedia.org/T270713 Common Vulnerability Exposure (CVE) ID: CVE-2021-30155 https://phabricator.wikimedia.org/T270988 Common Vulnerability Exposure (CVE) ID: CVE-2021-30158 https://phabricator.wikimedia.org/T277009 Common Vulnerability Exposure (CVE) ID: CVE-2021-30159 https://phabricator.wikimedia.org/T272386
Copyright	Copyright (C) 2022 Greenbone AG