Fedora 28 : mediawiki (2018-e022ecbc52)

Medium Nessus Plugin ID 120855


The remote Fedora host is missing a security update.



- (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'.

- (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock.

- (T180551) Fix LanguageSrTest for language converter

- (T180552) Fix language converter parser test with self-close tags

- (T180537) Remove $wgAuth usage from wrapOldPasswords.php

- (T180485) InputBox: Have inputbox langconvert certain attributes

- (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.

- (T172927) Drop vendor from MW release branch

- (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array

- Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).

- (T189567) The CLI installer (maintenance/install.php) learned to detect and include extensions. Pass --with-extensions to enable that feature.

- (T182381) Mask deprecated call in WatchedItemUnitTest

- (T190503) Let built-in web server (maintenance/dev) handle .php requests.

- The karma qunit tests would fail on some configurations due to headers already sent. Check headers_sent() before sending cpPosTime headers.

- (T167507) selenium: Run Chrome headlessly.

- selenium: Pass -no-sandbox to Chrome under Docker

- (T191247) Use MediaWiki\SuppressWarnings around trigger_error() instead of @

- (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel fails under SQLite.

- (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().

- (T179190) selenium: Move test running logic from package.json to selenium.sh.

- (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.

- Add default edit rate limit of 90 edits/minute for all users.

- (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.

- (T196672) The mtime of extension.json files is now able to be zero

- (T180403) Validate $length in padleft/padright parser functions.

- (T143790) Make $wgEmailConfirmToEdit only affect edit actions.

- (T194237) Special:BotPasswords now requires reauthentication.

- (T191608, T187638) Add 'logid' parameter to Special:Log.

- (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case

- (T193829) Indicate when a Bot Password needs reset.

- (T151415) Log email changes.

- (T118420) Unbreak Oracle installer.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected mediawiki package.

Plugin Details

Severity: Medium

ID: 120855

File Name: fedora_2018-e022ecbc52.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2019/01/03

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2018-0505

CVSS v2.0

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:mediawiki, cpe:/o:fedoraproject:fedora:28

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2018/10/07

Vulnerability Publication Date: 2018/10/04

Reference Information

CVE: CVE-2018-0503, CVE-2018-0504, CVE-2018-0505