[ASA-201809-5] mediawiki: multiple issues

Jelle van der Waa jelle at archlinux.org
Fri Sep 28 18:18:09 UTC 2018


Arch Linux Security Advisory ASA-201809-5
=========================================

Severity: Medium
Date    : 2018-09-25
CVE-ID  : CVE-2018-0503 CVE-2018-0505 CVE-2018-13258
Package : mediawiki
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-765

Summary
=======

The package mediawiki before version 1.31.1-1 is vulnerable to multiple
issues including access restriction bypass and information disclosure.

Resolution
==========

Upgrade to 1.31.1-1.

# pacman -Syu "mediawiki>=1.31.1-1"

The problems have been fixed upstream in version 1.31.1.

Workaround
==========

None.

Description
===========

- CVE-2018-0503 (access restriction bypass)

A security issue has been found in the rate limiting feature of
mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits
entry for 'user' overrides that for 'newbie'.

- CVE-2018-0505 (access restriction bypass)

A security issue has been found in mediawiki < 1.31.1 where BotPassword
can bypass CentralAuth's account lock.

- CVE-2018-13258 (information disclosure)

A security issue has been found in mediawiki < 1.31.1 where the tarball
is missing .htaccess files used to protect some directories that
shouldn't be web accessible.

Impact
======

A remote attacker is able to bypass access restrictions put in place by
the site administrator and/or gain access to restricted content.

References
==========

https://www.mediawiki.org/wiki/Release_notes/1.31
https://phabricator.wikimedia.org/T169545
https://github.com/wikimedia/mediawiki/commit/befd48c5f7d3d073de96c87375d7380f6187deb6
https://phabricator.wikimedia.org/T194605
https://github.com/wikimedia/mediawiki/commit/ff6b4cb35c1944870fcd3cc525884790c20819b3
https://phabricator.wikimedia.org/T199029
https://github.com/wikimedia/mediawiki/commit/b78d595feecf9de919258b659628ca7dd872b3f4
https://security.archlinux.org/CVE-2018-0503
https://security.archlinux.org/CVE-2018-0505
https://security.archlinux.org/CVE-2018-13258
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180928/1c2f7d51/attachment.asc>


More information about the arch-security mailing list