Detections
Analytics

Debian dsa-5651 : mediawiki - security update

high Nessus Plugin ID 192729

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5651 advisory.

 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5651-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 31, 2024 https://www.debian.org/security/faq
 - -------------------------------------------------------------------------

 Package : mediawiki CVE ID : not yet available

 Two security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or denial of service.

 For the oldstable distribution (bullseye), this problem has been fixed in version 1:1.35.13-1+deb11u2.

 For the stable distribution (bookworm), this problem has been fixed in version 1:1.39.7-1~deb12u1.

 We recommend that you upgrade your mediawiki packages.

 For the detailed security status of mediawiki please refer to its security tracker page at:
 https://security-tracker.debian.org/tracker/mediawiki

 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

 Mailing list: [email protected]
 -----BEGIN PGP SIGNATURE-----

 iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYJtD4ACgkQEMKTtsN8 TjZxJA//c0hvMWL9Z5zN5rxn3K+Zc6SL9EjbOsWuOcpGWInkdNGKFL1ohLsoWKo5 tZRA/KuGv9LNMJU/StYbb10s7yuSsHWnJ3/DXXs7LV9voOam4SCyOQoSQ1/VOL2I pdzycN9algbPXxMUYTu9NA1ogSFrjLvdFDpcEmzl2bnhlVLV554a1DeLY7S9PFyH 7Z89KbcDq/SJg1qXArvUNyCPnfdEAdfJgzuOoFECGDOwloFEy89zShZK03FiylJ+ o0kGzDOk0Knk9cE1vkdLlDVpBg9YaQpA9S4Pv6dCEQm3TYvFPqX6sbeO0l7cX8TL KntrON2ElMrATzV2o269RuB7CLoIX4KIIG61pEkWDM/ZAvzvPox8XbZqgnNVZiBZ c02SXuvJ0W0HsBhh5mHHSGznWXvh6DxD/pVWR4+TWzs4Il/vdfCStMu8Oaw1Bjnq sJkIgHK3SSGIuxfMYGsiJZ4eK40fJ6+v7b7m2mtaHgpSEgCZyn0dtr70OwkH0slr 7BTpwnWQ/1svGB2aPQ82Wip+dJuap/xRI60tnbT8ipM17Vq8ECeL65ef4R+Atf6L 4cC7TQCMXI66XU/ZYSUpiOs2qYDI9aqzT90EgyQkRnJbbIh4xDd3mqSFIxXVR4d/ J5poHPiVo9Gr8LVldyfDNa2OCdxhJ74DyY+qkgaH43Yb0CmFEak= =YhNf
 -----END PGP SIGNATURE-----



Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the mediawiki packages.

See Also

https://security-tracker.debian.org/tracker/source-package/mediawiki

https://packages.debian.org/source/bookworm/mediawiki

https://packages.debian.org/source/bullseye/mediawiki

Plugin Details

Severity: High

ID: 192729

File Name: debian_DSA-5651.nasl

Version: 1.3

Type: local

Agent: unix

Published: 3/31/2024

Updated: 1/24/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:debian:debian_linux:mediawiki-classes, p-cpe:/a:debian:debian_linux:mediawiki

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 3/31/2024

Vulnerability Publication Date: 3/31/2024