Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0433)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0433

Category: Mageia Linux Local Security Checks

Title: Mageia: Security Advisory (MGASA-2018-0433)

Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2018-0433 advisory.

Description: Summary:
The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2018-0433 advisory.

Vulnerability Insight:
Updated mediawiki packages fix security vulnerabilities:

'$wgRateLimits' entry for 'user' overrides 'newbie' (CVE-2018-0503).

When a log event is (partially) hidden Special:Redirect/logid can link
to the incorrect log and reveal hidden information (CVE-2018-0504).

BotPasswords can bypass CentralAuth's account lock (CVE-2018-0505).

Affected Software/OS:
'mediawiki' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-0503
Debian Security Information: DSA-4301 (Google Search)
https://www.debian.org/security/2018/dsa-4301
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
RedHat Security Advisories: RHSA-2019:3142
https://access.redhat.com/errata/RHSA-2019:3142
RedHat Security Advisories: RHSA-2019:3238
https://access.redhat.com/errata/RHSA-2019:3238
RedHat Security Advisories: RHSA-2019:3813
https://access.redhat.com/errata/RHSA-2019:3813
http://www.securitytracker.com/id/1041695
Common Vulnerability Exposure (CVE) ID: CVE-2018-0504
Common Vulnerability Exposure (CVE) ID: CVE-2018-0505

Copyright Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.10.2018.0433
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2018-0433)
Summary:	The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2018-0433 advisory.
Description:	Summary: The remote host is missing an update for the 'mediawiki' package(s) announced via the MGASA-2018-0433 advisory. Vulnerability Insight: Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' (CVE-2018-0503). When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information (CVE-2018-0504). BotPasswords can bypass CentralAuth's account lock (CVE-2018-0505). Affected Software/OS: 'mediawiki' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0503 Debian Security Information: DSA-4301 (Google Search) https://www.debian.org/security/2018/dsa-4301 https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html RedHat Security Advisories: RHSA-2019:3142 https://access.redhat.com/errata/RHSA-2019:3142 RedHat Security Advisories: RHSA-2019:3238 https://access.redhat.com/errata/RHSA-2019:3238 RedHat Security Advisories: RHSA-2019:3813 https://access.redhat.com/errata/RHSA-2019:3813 http://www.securitytracker.com/id/1041695 Common Vulnerability Exposure (CVE) ID: CVE-2018-0504 Common Vulnerability Exposure (CVE) ID: CVE-2018-0505
Copyright	Copyright (C) 2022 Greenbone AG