Security: Multiple issues in mediawiki
Name: Multiple issues in mediawiki
ID: FEDORA-2018-edf90410ea
Distribution: Fedora
Platforms: Fedora 27
Date: Mon, 8 October 2018, 08:13
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0504
Applications: MediaWiki


Fedora Update Notification
2018-10-07 21:10:49.841625

Name : mediawiki
Product : Fedora 27
Version : 1.29.3
Release : 1.fc27
URL : http://www.mediawiki.org/
Summary : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple

This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.

Update Information:

https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3

- (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides that for 'newbie'.
- (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock.
- (T180551) Fix LanguageSrTest for language converter
- (T180552) Fix language converter parser test with self-close
- (T180537) Remove $wgAuth usage from wrapOldPasswords.php
- (T180485) InputBox: Have inputbox langconvert certain attributes
- (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.
- (T172927) Drop vendor from MW release branch
- (T87572) Make FormatMetadata::flattenArrayReal() work for associative array
- Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
- (T189567) the CLI installer (maintenance/install.php) learned to detect and include extensions. Pass extensions to enable that feature.
- (T182381) Mask deprecated call in WatchedItemUnitTest
- (T190503) Let built-in web server (maintenance/dev) handle .php requests.
- The karma qunit tests would fail on some configuration due to headers already sent. Check headers_sent() before sending cpPosTime headers
- (T167507) selenium: Run Chrome headlessly.
- Pass -no-sandbox to Chrome under Docker
- (T191247) Use MediaWiki\SuppressWarnings around trigger_error() instead @
- (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails under SQLite.
- (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
- (T179190) selenium: Move test running logic from package.json to selenium.sh.
- (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.
- Add default edit rate limit of 90 edits/minute for all users.
- (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
- (T196672) The mtime of extension.json files is now able to be zero
- (T180403) Validate $length in padleft/padright parser functions.
- (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
- (T194237) Special:BotPasswords now requires reauthentication.
- (T191608, T187638) Add 'logid' parameter to Special:Log.
- (T176097) Disable a flaky MessageBlobStoreTest case
- (T193829) Indicate when a Bot Password needs reset.
- (T151415) Log email changes.
- (T118420) Unbreak Oracle installer.

* Fri Sep 28 2018 Michael Cronenworth <mike@cchtml.com> - 1.29.3-1
- Update to 1.29.3
- https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> -
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng@fedoraproject.org> -
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Nov 20 2017 Michael Cronenworth <mike@cchtml.com> - 1.29.2-2
- Add links to new libraries (rhbz#1515022)
* Thu Nov 16 2017 Michael Cronenworth <mike@cchtml.com> - 1.29.2-1
- Update to 1.29.2

[ 1 ] Bug #1634162 - CVE-2018-0503 mediawiki: $wgRateLimits (rate limit /
ping limiter) entry for 'user' overrides that for 'newbie' [fedora-all]
[ 2 ] Bug #1634167 - CVE-2018-0505 mediawiki: BotPassword can bypass
CentralAuth's account lock [fedora-all]
[ 3 ] Bug #1634170 - CVE-2018-0504 mediawiki: Information exposure when a log
event is (partially) hidden [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-edf90410ea' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at