[ASA-201809-5] mediawiki: multiple issues

🗓️ 25 Sep 2018 00:00:00Reported by ArchLinuxType

archlinux

archlinux🔗 security.archlinux.org👁 26 Views

Update mediawiki to version 1.31.1-1 to fix access restriction bypass and information disclosur

Reporter	Title	Published	Views	Family All 87
FreeBSD	mediawiki -- multiple vulnerabilities	29 Aug 201800:00	–	freebsd
CNVD	MediaWiki Security Control Bypass Vulnerability	21 Sep 201800:00	–	cnvd
CNVD	MediaWiki Restriction Bypass Vulnerability	21 Sep 201800:00	–	cnvd
CVE	CVE-2018-0503	4 Oct 201820:00	–	cve
CVE	CVE-2018-0505	4 Oct 201820:00	–	cve
CVE	CVE-2018-13258	4 Oct 201820:00	–	cve
Cvelist	CVE-2018-0503 $wgRateLimits entry for 'user' overrides 'newbie'	4 Oct 201820:00	–	cvelist
Cvelist	CVE-2018-0505 BotPasswords can bypass CentralAuth's account lock	4 Oct 201820:00	–	cvelist
Cvelist	CVE-2018-13258 Tarball was missing .htaccess files	4 Oct 201820:00	–	cvelist
ALT Linux	Security fix for the ALT Linux 9 package mediawiki version 1.31.1-alt1	29 Sep 201800:00	–	altlinux

OS	OS Version	Architecture	Package	Package Version	Filename
Arch Linux	–	any	mediawiki	1.31.1-1	mediawiki-1.31.1-1-any.pkg.tar.zst

Source	Link
security	www.security.archlinux.org/AVG-765
mediawiki	www.mediawiki.org/wiki/Release_notes/1.31
phabricator	www.phabricator.wikimedia.org/T169545
github	www.github.com/wikimedia/mediawiki/commit/befd48c5f7d3d073de96c87375d7380f6187deb6
phabricator	www.phabricator.wikimedia.org/T194605
github	www.github.com/wikimedia/mediawiki/commit/ff6b4cb35c1944870fcd3cc525884790c20819b3
phabricator	www.phabricator.wikimedia.org/T199029
github	www.github.com/wikimedia/mediawiki/commit/b78d595feecf9de919258b659628ca7dd872b3f4
security	www.security.archlinux.org/CVE-2018-0503
security	www.security.archlinux.org/CVE-2018-0505

25 Sep 2018 00:00Current

0.9Low risk

Vulners AI Score0.9

CVSS 25

CVSS 36.5

EPSS0.00427

mediawiki security update access restriction bypass information disclosure cve-2018-0503 cve-2018-0505 cve-2018-13258 arch linux