MGASA-2018-0433

Source
https://advisories.mageia.org/MGASA-2018-0433.html
Import Source
https://advisories.mageia.org/MGASA-2018-0433.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0433
Published
2018-11-03T11:55:18Z
Modified
2018-11-03T11:28:29Z
Summary
Updated mediawiki packages fix security vulnerabilities
Details

Updated mediawiki packages fix security vulnerabilities:

'$wgRateLimits' entry for 'user' overrides 'newbie' (CVE-2018-0503).

When a log event is (partially) hidden, Special:Redirect/logid can link to the incorrect log and reveal hidden information (CVE-2018-0504).

BotPasswords can bypass CentralAuth's account lock (CVE-2018-0505).

Affected packages

Mageia:6 / mediawiki

Package

Name
mediawiki
Purl
pkg:rpm/mageia/mediawiki?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.27.5-1.mga6

Ecosystem specific

{
    "section": "core"
}