Sicherheit: Mehrere Probleme in mediawiki
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in mediawiki
ID: FEDORA-2018-f4b65fc7cd
Distribution: Fedora
Plattformen: Fedora 29
Datum: Mo, 8. Oktober 2018, 07:51
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504
Applikationen: MediaWiki


Fedora Update Notification
2018-10-07 20:57:29.701714

Name : mediawiki
Product : Fedora 29
Version : 1.29.3
Release : 1.fc29
URL : http://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple

This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.

Update Information:

https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3 -
(T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user'
'newbie'. - (T194605, CVE-2018-0505) SECURITY: BotPasswords can
CentralAuth's account lock. - (T180551) Fix LanguageSrTest for language
converter - (T180552) Fix langauge converter parser test with self-close
- (T180537) Remove $wgAuth usage from wrapOldPasswords.php - (T180485)
InputBox: Have inputbox langconvert certain attributes - (T161732, T181547)
Upgraded Moment.js from v2.15.0 to v2.19.3. - (T172927) Drop vendor from MW
release branch - (T87572) Make FormatMetadata::flattenArrayReal() work for
associative array - Updated composer/spdx-licenses from 1.1.4 to 1.3.0
(development dependency). - (T189567) the CLI installer
(maintenance/install.php) learned to detect and include extensions. Pass
extensions to enable that feature. - (T182381) Mask deprecated call in
WatchedItemUnitTest - (T190503) Let built-in web server (maintenance/dev)
handle .php requests. - The karma qunit tests would fail on some
configuration due to headers already sent. Check headers_sent() before sending
cpPosTime headers - (T167507) selenium: Run Chrome headlessly. -
Pass -no-sandbox to Chrome under Docker - (T191247) Use
MediaWiki\SuppressWarnings around trigger_error() instead @ - (T75174,
T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails
under SQLite. - (T192584) Stop incorrectly passing USE INDEX to
RecentChange::newFromConds(). - (T179190) selenium: Move test running logic
from package.json to selenium.sh. - (T117839, T193200) PDFHandler: Fix for
pdfinfo changes in poppler-utils 0.48. - Add default edit rate limit of 90
edits/minute for all users. - (T196125) php-memcached 3.0 (provided with PHP
7.0) is now supported. - (T196672) The mtime of extension.json files is now
able to be zero - (T180403) Validate $length in padleft/padright parser
functions. - (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
(T194237) Special:BotPasswords now requires reauthentication. - (T191608,
T187638) Add 'logid' parameter to Special:Log. - (T176097)
Disable a flaky MessageBlobStoreTest case - (T193829) Indicate when a Bot
Password needs reset. - (T151415) Log email changes. - (T118420) Unbreak
Oracle installer.

[ 1 ] Bug #1634170 - CVE-2018-0504 mediawiki: Information exposure when a log
event is (partially) hidden [fedora-all]
[ 2 ] Bug #1634167 - CVE-2018-0505 mediawiki: BotPassword can bypass
CentralAuth's account lock [fedora-all]
[ 3 ] Bug #1634162 - CVE-2018-0503 mediawiki: $wgRateLimits (rate limit /
ping limiter) entry for 'user' overrides that for 'newbie' [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-f4b65fc7cd' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Twitter
Neue Nachrichten