===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3910
                         mediawiki security update
                              21 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mediawiki
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Debian GNU/Linux 10
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-16738

Original Bulletin:
   http://www.debian.org/security/2019/dsa-4545

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running mediawiki check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4545-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 18, 2019                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2019-16738

It was discovered that the Special:Redirect functionality of MediaWiki,
a website engine for collaborative work, could expose suppressed user
names, resulting in an information leak.

For the oldstable distribution (stretch), this problem has been fixed
in version 1:1.27.7-1~deb9u2.

For the stable distribution (buster), this problem has been fixed in
version 1:1.31.4-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================