- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: MediaWiki: Multiple Vulnerabilities Date: May 21, 2023 Bugs: #815376, #829302, #836430, #855965, #873385, #888041 ID: 202305-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Background ========= MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Affected packages ================ Package Vulnerable Unaffected ------------------ ------------ ------------ www-apps/mediawiki < 1.25.2 >= 1.25.2 Description ========== Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All MediaWiki users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.38.5" References ========= [ 1 ] CVE-2021-41798 https://nvd.nist.gov/vuln/detail/CVE-2021-41798 [ 2 ] CVE-2021-41799 https://nvd.nist.gov/vuln/detail/CVE-2021-41799 [ 3 ] CVE-2021-41800 https://nvd.nist.gov/vuln/detail/CVE-2021-41800 [ 4 ] CVE-2021-44854 https://nvd.nist.gov/vuln/detail/CVE-2021-44854 [ 5 ] CVE-2021-44855 https://nvd.nist.gov/vuln/detail/CVE-2021-44855 [ 6 ] CVE-2021-44856 https://nvd.nist.gov/vuln/detail/CVE-2021-44856 [ 7 ] CVE-2021-44857 https://nvd.nist.gov/vuln/detail/CVE-2021-44857 [ 8 ] CVE-2021-44858 https://nvd.nist.gov/vuln/detail/CVE-2021-44858 [ 9 ] CVE-2021-45038 https://nvd.nist.gov/vuln/detail/CVE-2021-45038 [ 10 ] CVE-2022-28202 https://nvd.nist.gov/vuln/detail/CVE-2022-28202 [ 11 ] CVE-2022-28205 https://nvd.nist.gov/vuln/detail/CVE-2022-28205 [ 12 ] CVE-2022-28206 https://nvd.nist.gov/vuln/detail/CVE-2022-28206 [ 13 ] CVE-2022-28209 https://nvd.nist.gov/vuln/detail/CVE-2022-28209 [ 14 ] CVE-2022-31090 https://nvd.nist.gov/vuln/detail/CVE-2022-31090 [ 15 ] CVE-2022-31091 https://nvd.nist.gov/vuln/detail/CVE-2022-31091 [ 16 ] CVE-2022-34911 https://nvd.nist.gov/vuln/detail/CVE-2022-34911 [ 17 ] CVE-2022-34912 https://nvd.nist.gov/vuln/detail/CVE-2022-34912 [ 18 ] CVE-2022-41765 https://nvd.nist.gov/vuln/detail/CVE-2022-41765 [ 19 ] CVE-2022-41766 https://nvd.nist.gov/vuln/detail/CVE-2022-41766 [ 20 ] CVE-2022-41767 https://nvd.nist.gov/vuln/detail/CVE-2022-41767 [ 21 ] CVE-2022-47927 https://nvd.nist.gov/vuln/detail/CVE-2022-47927 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202305-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5