-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3910
                         mediawiki security update
                              21 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mediawiki
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Debian GNU/Linux 10
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-16738  

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4545

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running mediawiki check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4545-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 18, 2019                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : mediawiki
CVE ID         : CVE-2019-16738

It was discovered that the Special:Redirect functionality of MediaWiki,
a website engine for collaborative work, could expose suppressed user
names, resulting in an information leak.

For the oldstable distribution (stretch), this problem has been fixed
in version 1:1.27.7-1~deb9u2.

For the stable distribution (buster), this problem has been fixed in
version 1:1.31.4-1~deb10u1.

We recommend that you upgrade your mediawiki packages.

For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----