[FEDORA-2018-f4b65fc7cd] Fedora 29: mediawiki

Severity Medium
Affected Packages 1
CVEs 3

https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3

- (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'.
- (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock.
- (T180551) Fix LanguageSrTest for language converter
- (T180552) Fix language converter parser test with self-close tags
- (T180537) Remove $wgAuth usage from wrapOldPasswords.php
- (T180485) InputBox: Have inputbox langconvert certain attributes
- (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.
- (T172927) Drop vendor from MW release branch
- (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array
- Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
- (T189567) The CLI installer (maintenance/install.php) learned to detect and include extensions. Pass --with-extensions to enable that feature.
- (T182381) Mask deprecated call in WatchedItemUnitTest
- (T190503) Let built-in web server (maintenance/dev) handle .php requests.
- The karma qunit tests would fail on some configurations due to headers already sent. Check headers_sent() before sending cpPosTime headers
- (T167507) selenium: Run Chrome headlessly.
- selenium: Pass -no-sandbox to Chrome under Docker
- (T191247) Use MediaWiki\SuppressWarnings around trigger_error() instead of @
- (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails under SQLite.
- (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
- (T179190) selenium: Move test running logic from package.json to selenium.sh.
- (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.
- Add default edit rate limit of 90 edits/minute for all users.
- (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
- (T196672) The mtime of extension.json files is now able to be zero
- (T180403) Validate $length in padleft/padright parser functions.
- (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
- (T194237) Special:BotPasswords now requires reauthentication.
- (T191608, T187638) Add 'logid' parameter to Special:Log.
- (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case
- (T193829) Indicate when a Bot Password needs reset.
- (T151415) Log email changes.
- (T118420) Unbreak Oracle installer.

Package Affected Version
pkg:rpm/fedora/mediawiki?distro=fedora-29 < 1.29.3.1.fc29
ID
FEDORA-2018-f4b65fc7cd
Severity
medium
Severity from
CVE-2018-0505
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f4b65fc7cd
Published
2018-10-07T21:02:44
(6 years ago)
Modified
2018-10-07T21:02:44
(6 years ago)
Rights
Copyright 2018 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 1634167 Bug #1634167 - CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth's account lock [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1634167
Bugzilla 1634170 Bug #1634170 - CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1634170
Bugzilla 1634162 Bug #1634162 - CVE-2018-0503 mediawiki: $wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie' [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1634162
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/mediawiki?distro=fedora-29 fedora mediawiki < 1.29.3.1.fc29 fedora-29