Updated mediawiki packages fix security vulnerabilities
Publication date: 03 Nov 2018Modification date: 03 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-0503 , CVE-2018-0504 , CVE-2018-0505
Description
Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' (CVE-2018-0503). When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information (CVE-2018-0504). BotPasswords can bypass CentralAuth's account lock (CVE-2018-0505).
References
- https://bugs.mageia.org/show_bug.cgi?id=23662
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0503
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505
SRPMS
6/core
- mediawiki-1.27.5-1.mga6