1. Home
  2. Security Advisories
  3. Fedora
  4. FEDORA-2024-2c564b942d

[FEDORA-2024-2c564b942d] Fedora 40: php-wikimedia-utfnormal, mediawiki, php-wikimedia-cdb, php-oojs-oojs-ui

Severity Critical
Affected Packages 4
CVEs 8
Info Packages References Vulnerabilities

https://www.mediawiki.org/wiki/Release_notes/1.41

Package Affected Version
pkg:rpm/fedora/php-wikimedia-utfnormal?distro=fedora-40 < 4.0.0.1.fc40
pkg:rpm/fedora/php-wikimedia-cdb?distro=fedora-40 < 3.0.0.1.fc40
pkg:rpm/fedora/php-oojs-oojs-ui?distro=fedora-40 < 0.48.1.1.fc40
pkg:rpm/fedora/mediawiki?distro=fedora-40 < 1.41.1.1.fc40
ID
FEDORA-2024-2c564b942d
Severity
critical
Severity from
CVE-2024-34502
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2024-2c564b942d
Published
2024-05-11T01:32:03
(4 months ago)
Modified
2024-05-11T01:32:03
(4 months ago)
Rights
Copyright 2024 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 2241397 Bug #2241397 - mediawiki-1.41.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2241397
Bugzilla 2278774 Bug #2278774 - mediawiki: denial of service via GET request to Special:MovePage [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278774
Bugzilla 2255583 Bug #2255583 - CVE-2023-51704 mediawiki: group-.*-member messages are not properly escaped on Special:log/rights [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2255583
Bugzilla 2279230 Bug #2279230 - CVE-2024-34507 mediawiki: cross-site scripting [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279230
Bugzilla 2279234 Bug #2279234 - CVE-2024-34500 mediawiki: XSS through interface message in UnlinkedWikibase [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279234
Bugzilla 2247806 Bug #2247806 - CVE-2023-45362 mediawiki: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247806
Bugzilla 2247804 Bug #2247804 - CVE-2023-45360 mediawiki: XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247804
Bugzilla 2261492 Bug #2261492 - php-oojs-oojs-ui: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261492
Bugzilla 2279239 Bug #2279239 - CVE-2024-34502 mediawiki: MergeLexemes makes edits on GET requests without edit tokens [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279239
Bugzilla 2240808 Bug #2240808 - CVE-2023-3550 mediawiki: stored XSS leads to privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2240808
Bugzilla 2279232 Bug #2279232 - CVE-2024-34506 mediawiki: denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279232
Bugzilla 2278773 Bug #2278773 - mediawiki: XSS in edit summary parser [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278773
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/php-wikimedia-utfnormal?distro=fedora-40 fedora php-wikimedia-utfnormal < 4.0.0.1.fc40 fedora-40
Affected pkg:rpm/fedora/php-wikimedia-cdb?distro=fedora-40 fedora php-wikimedia-cdb < 3.0.0.1.fc40 fedora-40
Affected pkg:rpm/fedora/php-oojs-oojs-ui?distro=fedora-40 fedora php-oojs-oojs-ui < 0.48.1.1.fc40 fedora-40
Affected pkg:rpm/fedora/mediawiki?distro=fedora-40 fedora mediawiki < 1.41.1.1.fc40 fedora-40
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date