Advisories ยป MGASA-2016-0305

Updated mediawiki packages fix security vulnerability

Publication date: 16 Sep 2016
Modification date: 08 Sep 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-6331 , CVE-2016-6332 , CVE-2016-6333 , CVE-2016-6334 , CVE-2016-6335 , CVE-2016-6336

Description

Check read permission when loading page content in ApiParse
(CVE-2016-6331)

Make blocks log users out if $wgBlockDisablesLogin is true (CVE-2016-6332)

Make $wgBlockDisablesLogin also restrict logged in permissions
(CVE-2016-6332)

Require login to preview user CSS pages (CVE-2016-6333)

Escape '<' and ']]>' in inline