MGASA-2023-0241

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0241.html

Import Source

https://advisories.mageia.org/MGASA-2023-0241.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2023-0241

Related

Published

2023-07-26T22:07:49Z

Modified

2023-07-26T20:57:19Z

Summary

Updated mediawiki packages fix security vulnerability

Details

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n (CVE-2023-29197).

Manualthumb bypasses badFile lookup (CVE-2023-36674).

XSS in BlockLogFormatter due to unsafe message use (CVE-2023-36675).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / mediawiki

Package

Name: mediawiki
Purl: pkg:rpm/mageia/mediawiki?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.35.11-1.mga8

Ecosystem specific

{
    "section": "core"
}