Updated mediawiki packages fix security vulnerability
Publication date: 16 Sep 2016
Modification date: 08 Sep 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-6331, CVE-2016-6332, CVE-2016-6333, CVE-2016-6334, CVE-2016-6335, CVE-2016-6336
Description
- Check read permission when loading page content in ApiParse (CVE-2016-6331)
- Make blocks log users out if $wgBlockDisablesLogin is true (CVE-2016-6332)
- Make $wgBlockDisablesLogin also restrict logged in permissions (CVE-2016-6332)
- Require login to preview user CSS pages (CVE-2016-6333)
- Escape '<' and ']]>' in inline <style> blocks (CVE-2016-6333)
- XSS in unclosed internal links (CVE-2016-6334)
- API: Generate head items in the context of the given title (CVE-2016-6335)
- Do not allow undeleting a revision deleted file if it is the top file (CVE-2016-6336)
The mediawiki package has been updated to version 1.23.15, which contains
the above fixes.
References
- https://bugs.mageia.org/show_bug.cgi?id=19252
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6331
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6332
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6333
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6334
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6335
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6336
SRPMS
5/core
- mediawiki-1.23.15-1.mga5