Fedora 26 : mediawiki (2017-05cb6287b7)

high Nessus Plugin ID 101564

Synopsis

The remote Fedora host is missing a security update.

Description

https://www.mediawiki.org/wiki/Release_notes/1.28#MediaWiki_1.28.1

Changes since 1.28.0

- $wgRunJobsAsync is now false by default (T142751). This change only affects wikis with $wgJobRunRate > 0.

- Fix fatal from 'WaitConditionLoop' not being found, experienced when a wiki has more than one database server set up.

- (T152717) Better escaping for PHP mail() command

- (T154670) A missing method causing the MySQL installer to fatal in rare circumstances was restored.

- (T154672) Un-deprecate ArticleAfterFetchContentObject hook.

- (T158766) Avoid SQL error on MSSQL when using selectRowCount()

- (T145635) Fix too long index error when installing with MSSQL

- (T156184) $wgRawHtml will no longer apply to internationalization messages.

- (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.

- (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 installs.

- (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect to interwiki links.

- (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true.

- (T125177) SECURITY: API parameters may now be marked as 'sensitive' to keep their values out of the logs.

- (T150044) SECURITY: 'Mark all pages visited' on the watchlist now requires a CSRF token.

- (T156184) SECURITY: Escape content model/format url parameter in message.

- (T151735) SECURITY: SVG filter evasion using default attribute values in DTD declaration.

- (T161453) SECURITY: LocalisationCache will no longer use the temporary directory in its fallback chain when trying to work out where to write the cache.

- (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected mediawiki package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2017-05cb6287b7

Plugin Details

Severity: High

ID: 101564

File Name: fedora_2017-05cb6287b7.nasl

Version: 3.4

Type: local

Agent: unix

Published: 7/17/2017

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mediawiki, cpe:/o:fedoraproject:fedora:26

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 4/13/2017

Vulnerability Publication Date: 4/13/2017

Reference Information