Mageia 7: MGASA-2020-0021 Moderate: MediaWiki Bypass Protection

mageia

January 5, 2020

Updated mediawiki packages fix security vulnerability: MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary t...

Summary

Updated mediawiki packages fix security vulnerability:
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page (CVE-2019-19709).

References

- https://bugs.mageia.org/show_bug.cgi?id=25986

- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/NVL4C4DDFUCRTQK7WWTAJZPQHAABFA7N/

- https://www.cve.org/CVERecord?id=CVE-2019-19709

Topics Covered

security advisory security update malicious attack mediawiki Mageia bypass protection non-resolvable redirect

Resolution

SRPMS

- 7/core/mediawiki-1.31.6-1.mga7

Publication date: 05 Jan 2020

URL: https://advisories.mageia.org/MGASA-2020-0021.html

Type: security

CVE: CVE-2019-19709

Topics Covered

security advisory security update malicious attack mediawiki Mageia bypass protection non-resolvable redirect

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks