Fedora 27 : mediawiki (2018-edf90410ea)

High Nessus Plugin ID 117965

Synopsis

The remote Fedora host is missing a security update.

Description

https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3

- (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'.

- (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock.

- (T180551) Fix LanguageSrTest for language converter

- (T180552) Fix language converter parser test with self-close tags

- (T180537) Remove $wgAuth usage from wrapOldPasswords.php

- (T180485) InputBox: Have inputbox langconvert certain attributes

- (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.

- (T172927) Drop vendor from MW release branch

- (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array

- Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).

- (T189567) The CLI installer (maintenance/install.php) learned to detect and include extensions. Pass --with-extensions to enable that feature.

- (T182381) Mask deprecated call in WatchedItemUnitTest

- (T190503) Let built-in web server (maintenance/dev) handle .php requests.

- The karma qunit tests would fail on some configurations due to headers already sent. Check headers_sent() before sending cpPosTime headers.

- (T167507) selenium: Run Chrome headlessly.

- selenium: Pass -no-sandbox to Chrome under Docker

- (T191247) Use MediaWiki\SuppressWarnings around trigger_error() instead of @

- (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails under SQLite.

- (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().

- (T179190) selenium: Move test running logic from package.json to selenium.sh.

- (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.

- Add default edit rate limit of 90 edits/minute for all users.

- (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.

- (T196672) The mtime of extension.json files is now able to be zero

- (T180403) Validate $length in padleft/padright parser functions.

- (T143790) Make $wgEmailConfirmToEdit only affect edit actions.

- (T194237) Special:BotPasswords now requires reauthentication.

- (T191608, T187638) Add 'logid' parameter to Special:Log.

- (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case

- (T193829) Indicate when a Bot Password needs reset.

- (T151415) Log email changes.

- (T118420) Unbreak Oracle installer.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected mediawiki package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2018-edf90410ea

Plugin Details

Severity: High

ID: 117965

File Name: fedora_2018-edf90410ea.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/10/09

Modified: 2018/10/09

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mediawiki, cpe:/o:fedoraproject:fedora:27

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2018/10/07

Reference Information

CVE: CVE-2018-0503, CVE-2018-0504, CVE-2018-0505