[ASA-201809-5] mediawiki: multiple issues
Jelle van der Waa
jelle at archlinux.org
Fri Sep 28 18:18:09 UTC 2018
Arch Linux Security Advisory ASA-201809-5
=========================================
Severity: Medium
Date : 2018-09-25
CVE-ID : CVE-2018-0503 CVE-2018-0505 CVE-2018-13258
Package : mediawiki
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-765
Summary
=======
The package mediawiki before version 1.31.1-1 is vulnerable to multiple
issues including access restriction bypass and information disclosure.
Resolution
==========
Upgrade to 1.31.1-1.
# pacman -Syu "mediawiki>=1.31.1-1"
The problems have been fixed upstream in version 1.31.1.
Workaround
==========
None.
Description
===========
- CVE-2018-0503 (access restriction bypass)
A security issue has been found in the rate limiting feature of
mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits
entry for 'user' overrides that for 'newbie'.
- CVE-2018-0505 (access restriction bypass)
A security issue has been found in mediawiki < 1.31.1 where BotPassword
can bypass CentralAuth's account lock.
- CVE-2018-13258 (information disclosure)
A security issue has been found in mediawiki < 1.31.1 where the tarball
is missing .htaccess files used to protect some directories that
shouldn't be web accessible.
Impact
======
A remote attacker is able to bypass access restrictions put in place by
the site administrator and/or gain access to restricted content.
References
==========
https://www.mediawiki.org/wiki/Release_notes/1.31
https://phabricator.wikimedia.org/T169545
https://github.com/wikimedia/mediawiki/commit/befd48c5f7d3d073de96c87375d7380f6187deb6
https://phabricator.wikimedia.org/T194605
https://github.com/wikimedia/mediawiki/commit/ff6b4cb35c1944870fcd3cc525884790c20819b3
https://phabricator.wikimedia.org/T199029
https://github.com/wikimedia/mediawiki/commit/b78d595feecf9de919258b659628ca7dd872b3f4
https://security.archlinux.org/CVE-2018-0503
https://security.archlinux.org/CVE-2018-0505
https://security.archlinux.org/CVE-2018-13258
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180928/1c2f7d51/attachment.asc>
More information about the arch-security
mailing list