Debian has issued an advisory on October 1:
The issues are fixed upstream in 1.35.4:
Mageia 8 is also affected.
Fixed upstream in 1.35.4CC:
The updated packages fix a security vulnerability:
XSS vulnerability in Special:Search. (CVE-2021-41798)
ApiQueryBacklinks can cause a full table scan. (CVE-2021-41799)
Fix PoolCounter protection of Special:Contributions. (CVE-2021-41800)
ReplaceText continues performing actions if the user no longer has the correct permission (such as by being blocked). (CVE-2021-41801)
Updated packages in core/updates_testing:
CVE-2021-41798, CVE-2021-41799, CVE-2021-41800, CVE-2021-41801Assignee:
Fixed upstream in 1.35.4 =>
MGA8-64 Plasma on Lenovo B50
No installation issues.
Made sure mysql and httpd were running.
Had problem getting into mysql, uninstalled, deleted all files for it from /etc and /var/lib, reinstalled, still no joy. Found out googling that I had to
# systemctl enable mysqld.service
Created symlink /etc/systemd/system/multi-user.target.wants/mysqld.service → /usr/lib/systemd/system/mysqld.service.
This was new to me, or I forgot....
# systemctl start mysqld
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
This let me define my password for root and then I could proceed with the steps in the Wiki OK.
All is well that ends wel.
Fedora has issued an advisory for this on October 12:
An update for this issue has been pushed to the Mageia Updates repository.