MGASA-2023-0241

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0241.html

Import Source

https://advisories.mageia.org/MGASA-2023-0241.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2023-0241

Related

Published

2023-07-26T22:07:49Z

Modified

2023-07-26T20:57:19Z

Summary

Updated mediawiki packages fix security vulnerability

Details

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n (CVE-2023-29197).

Manualthumb bypasses badFile lookup (CVE-2023-36674).

XSS in BlockLogFormatter due to unsafe message use (CVE-2023-36675).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2023-0241

Affected packages