Fedora 40: mediawiki 2024-2c564b942d Security Advisory Updates
Summary
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers
This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.
Update Information:
https://www.mediawiki.org/wiki/Release_notes/1.41
Change Log
* Fri May 3 2024 Michael Cronenworth
References
[ 1 ] Bug #2240808 - CVE-2023-3550 mediawiki: stored XSS leads to privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2240808 [ 2 ] Bug #2241397 - mediawiki-1.41.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2241397 [ 3 ] Bug #2247804 - CVE-2023-45360 mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247804 [ 4 ] Bug #2247806 - CVE-2023-45362 mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247806 [ 5 ] Bug #2255583 - CVE-2023-51704 mediawiki: group-.*-member messages are not properly escaped on Special:log/rights [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2255583 [ 6 ] Bug #2261492 - php-oojs-oojs-ui: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261492 [ 7 ] Bug #2278773 - mediawiki: XSS in edit summary parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278773 [ 8 ] Bug #2278774 - mediawiki: denial of service via GET request to Special:MovePage [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278774 [ 9 ] Bug #2279230 - CVE-2024-34507 mediawiki: cross-site scripting [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279230 [ 10 ] Bug #2279232 - CVE-2024-34506 mediawiki: denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279232 [ 11 ] Bug #2279234 - CVE-2024-34500 mediawiki: XSS through interface message in UnlinkedWikibase [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279234 [ 12 ] Bug #2279239 - CVE-2024-34502 mediawiki: MergeLexemes makes edits on GET requests without edit tokens [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279239
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2c564b942d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label