PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
CVE-2017-7577
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a “GET ../” HTTP request.
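Both entries above come down to a file path that was checked in one place but not in the place that mattered: uc-httpd does not contain "../" inside its document root, and PivotX checks the extension at upload time but not again when the duplicate function writes the copy. The following is an added example, not code from either project, showing one validation routine applied to every operation that creates or reads a file. The base directory, the extension policy and the sample names are constructed for the illustration.

```python
import os
import shutil
from urllib.parse import unquote

# Constructed policy for the example: what may exist in the upload directory,
# and extensions that must never appear anywhere in a stored name, because a
# web server may execute them even when they are not the last extension.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl"}


def safe_target_path(base_dir: str, requested: str) -> str:
    """Return the absolute path under base_dir that `requested` may occupy,
    or raise ValueError.

    Two independent checks, one per bug above:
      1. containment: after percent-decoding and normalisation the path must
         still lie inside base_dir ("GET ../" traversal);
      2. extension policy on the *final* name, applied by every operation that
         creates a file, so upload, rename and duplicate cannot disagree
         ("upload as .jpg, then duplicate to .php").
    """
    name = unquote(requested)          # decode once, then check the decoded form
    if "\x00" in name:
        raise ValueError("NUL byte in name")
    name = name.replace("\\", "/")     # treat backslash as a separator too
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name.lstrip("/")))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory: %r" % requested)

    final = os.path.basename(candidate)
    parts = final.lower().split(".")
    if len(parts) < 2 or parts[-1] not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed: %r" % final)
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:]):
        raise ValueError("executable extension in name: %r" % final)
    return candidate


def is_allowed(base_dir: str, requested: str) -> bool:
    """Boolean convenience wrapper around safe_target_path."""
    try:
        safe_target_path(base_dir, requested)
        return True
    except ValueError:
        return False


def duplicate_upload(base_dir: str, src_name: str, dst_name: str) -> str:
    """A 'duplicate' operation that runs the destination through the same
    policy as the original upload, which is the check PivotX skipped."""
    src = safe_target_path(base_dir, src_name)
    dst = safe_target_path(base_dir, dst_name)
    shutil.copyfile(src, dst)
    return dst
```

The decode step runs exactly once on purpose: a server that decodes after checking is bypassable with a single encoding, and one that decodes repeatedly is bypassable with a double encoding that only it can see. Decode to the form the filesystem will actually see, then check that form.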
mediawiki-1.27.2-1.fc25
* (T109140) (T122209) Special:UserLogin and Special:Search allow redirect
to interwiki links. (CVE-2017-0363, CVE-2017-0364)
* (T144845) XSS in SearchHighlighter::highlightText() when
$wgAdvancedSearchHighlighting is true. (CVE-2017-0365)
* (T125177) API parameters may now be marked as “sensitive” to keep
their values out of the logs. (CVE-2017-0361)
* (T150044) “Mark all pages visited” on the watchlist now requires a CSRF
token. (CVE-2017-0362)
* (T156184) Escape content model/format url parameter in message.
(CVE-2017-0368)
* (T151735) SVG filter evasion using default attribute values in DTD
declaration. (CVE-2017-0366)
* (T48143) Spam blacklist ineffective on encoded URLs inside file inclusion
syntax’s link parameter. (CVE-2017-0370)
* (T108138) Sysops can undelete pages, although the page is protected
against it. (CVE-2017-0369)
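The SVG item (T151735) is worth a closer look, because the evasion works against any filter that only reads attributes written in start tags: an internal DTD subset can declare a default value for an attribute, and a DTD-aware parser then supplies that attribute on every matching element even though it never appears in the markup. The following is an added example, not MediaWiki code and not a description of its actual fix, showing a text-level scan that misses such a document and an expat-based scan that sees both the declaration and the resulting attribute. The SVG samples and the attribute list are constructed for the illustration.

```python
import re
import xml.parsers.expat

# Attributes that can carry script in SVG; a constructed subset for the example.
EVENT_ATTRS = {"onload", "onclick", "onmouseover", "onerror", "onbegin", "onend"}

# Constructed sample: no start tag carries an event attribute, but the internal
# DTD subset gives every <svg> element an onload default, which a DTD-aware
# renderer applies.
EVASIVE_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [
  <!ATTLIST svg onload CDATA "alert(1)">
]>
<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>
"""

CLEAN_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>
"""


def naive_tag_scan(data: bytes) -> set:
    """Text-level filter that only inspects attributes written in start tags.
    It cannot see attributes the DTD supplies, so EVASIVE_SVG passes it."""
    found = set()
    for tag in re.finditer(rb"<[^!?/][^>]*>", data):
        for attr in re.findall(rb"\s([A-Za-z:]+)\s*=", tag.group(0)):
            if attr.decode("ascii").lower() in EVENT_ATTRS:
                found.add(attr.decode("ascii").lower())
    return found


def dtd_aware_scan(data: bytes) -> dict:
    """Let expat apply the DTD, look at attributes as the parser sees them,
    and record any ATTLIST that defaults an event attribute."""
    report = {"has_doctype": False, "declared_defaults": [], "effective_attrs": []}
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        report["has_doctype"] = True

    def on_attlist(elname, attname, att_type, default, required):
        if attname.lower() in EVENT_ATTRS:
            report["declared_defaults"].append((elname, attname, default))

    def on_start(name, attrs):
        # attrs includes DTD defaults because specified_attributes is left at 0
        for key, value in attrs.items():
            if key.lower() in EVENT_ATTRS:
                report["effective_attrs"].append((name, key, value))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.AttlistDeclHandler = on_attlist
    parser.StartElementHandler = on_start
    parser.Parse(data, True)
    return report


def reject_svg(data: bytes) -> bool:
    """Policy a sanitiser can apply: refuse any DOCTYPE at all, since an
    inline subset is the only way a standalone file can declare defaults,
    and refuse any effective event attribute regardless of where it came from."""
    report = dtd_aware_scan(data)
    return report["has_doctype"] or bool(report["effective_attrs"])
```

The practical rule is the last function: an uploaded SVG has no legitimate need for a DOCTYPE, so rejecting the declaration outright removes the whole class rather than chasing individual attribute names. The parser-level view is still needed, because a renderer downstream will apply the defaults whether or not the filter understood them.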
The following only affects 1.27 and above and is not included in the 1.23
upgrade:
* (T161453) LocalisationCache will no longer use the temporary directory
in its fallback chain when trying to work out where to write the cache.
(CVE-2017-0367)
The following fix is for the SyntaxHighlight extension:
* (T158689) Parameters injection in SyntaxHighlight results in multiple
vulnerabilities. (CVE-2017-0372)
mediawiki-1.28.1-2.fc26
https://www.mediawiki.org/wiki/Release_notes/1.28#MediaWiki_1.28.1
Changes since 1.28.0
* $wgRunJobsAsync is now false by default (T142751). This change only affects wikis with $wgJobRunRate > 0.
* Fix fatal from “WaitConditionLoop” not being found, experienced when a wiki has more than one database server setup.
* (T152717) Better escaping for PHP mail() command
* (T154670) A missing method causing the MySQL installer to fatal in rare circumstances was restored.
* (T154672) Un-deprecate ArticleAfterFetchContentObject hook.
* (T158766) Avoid SQL error on MSSQL when using selectRowCount()
* (T145635) Fix too long index error when installing with MSSQL
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
* (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 installs.
* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as “sensitive” to keep their values out of the logs.
* (T150044) SECURITY: “Mark all pages visited” on the watchlist now requires a CSRF token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD declaration.
* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory in its fallback chain when trying to work out where to write the cache.
* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion syntax’s link parameter.
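The spam blacklist item (T48143) is the usual canonicalisation failure: the blacklist was matched against the link parameter as written, so a host spelled with percent-encoding or character entities did not match a pattern that the decoded host would have. The following is an added example, not MediaWiki code and not its actual fix, showing the host extracted from a file-inclusion link parameter, decoded to a canonical form, and only then matched. The blacklist pattern, the wikitext snippet and the URLs are constructed for the illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Constructed blacklist: patterns matched against the canonical host, as a
# spam filter would hold them.
BLACKLIST = [re.compile(r"(^|\.)spam\.example$")]

# Constructed wikitext with a link= parameter inside file inclusion syntax.
SAMPLE_WIKITEXT = "Intro [[File:Cat.png|thumb|link=http://sp%61m.example/buy|A cat]] outro"

LINK_PARAM = re.compile(r"\[\[\s*File:[^\]]*?\|\s*link=([^|\]]+)")


def find_link_targets(wikitext: str) -> list:
    """Pull every link= value out of [[File:...]] inclusions."""
    return [m.strip() for m in LINK_PARAM.findall(wikitext)]


def canonical_url(raw: str) -> str:
    """Undo the encodings a link parameter may carry before any matching:
    HTML entities and percent-encoding, applied repeatedly (bounded) so that
    double-encoded input is fully decoded; then add a scheme so urlsplit
    treats the authority part as a host."""
    url = raw.strip()
    for _ in range(4):
        decoded = unquote(html.unescape(url))
        if decoded == url:
            break
        url = decoded
    url = url.replace("\\", "/")
    if url.startswith("//"):
        url = "http:" + url
    elif "://" not in url:
        url = "http://" + url
    return url


def naive_blacklisted(raw: str) -> bool:
    """Matching the host as written is what an encoded URL slips past."""
    host = urlsplit(raw).hostname or ""
    return any(rx.search(host) for rx in BLACKLIST)


def is_blacklisted(raw: str) -> bool:
    """Match against the canonical host; urlsplit lower-cases it for us."""
    host = urlsplit(canonical_url(raw)).hostname or ""
    return any(rx.search(host) for rx in BLACKLIST)


def wikitext_has_blacklisted_link(wikitext: str) -> bool:
    return any(is_blacklisted(t) for t in find_link_targets(wikitext))
```

The decode loop is bounded deliberately: the goal is to reach the form the browser will resolve, which for a URL can be several layers deep, while still refusing to spin on pathological input. Whatever canonical form the filter settles on must be the same one the renderer emits into the page, or the two will disagree again.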
mediawiki-1.28.1-1.fc26
https://www.mediawiki.org/wiki/Release_notes/1.28#MediaWiki_1.28.1
DSA-3827 jasper – security update
Multiple vulnerabilities have been discovered in the JasPer library for
processing JPEG-2000 images, which may result in denial of service or
the execution of arbitrary code if a malformed image is processed.
Vuln: HP Business Process Monitor CVE-2017-5801 Unspecified Unauthorized Access Vulnerability
Vuln: Google Android Qualcomm Kyro L2 Driver CVE-2017-6423 Privilege Escalation Vulnerability
Vuln: Marel Food Processing Systems Security Bypass and Arbitrary File Upload Vulnerabilities
Vuln: Linux Kernel 'digi_acceleport.c' Local Denial of Service Vulnerability