Mageia: 2020-0292 Moderate: MediaWiki Information Disclosure

mageia

July 10, 2020

Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.8, private wikis behind a caching server using the img_auth.php image authorization security featur...

Summary

Updated mediawiki packages fix security vulnerability:
In MediaWiki before 1.31.8, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled (CVE-2020-15005).

References

- https://bugs.mageia.org/show_bug.cgi?id=26921

- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/X4YHE5EVSEZFBQS2NRUDPN5VIL3EFKLR/

- https://www.cve.org/CVERecord?id=CVE-2019-XXXX

Topics Covered

security advisory information disclosure mediawiki Mageia cache mishandling

Resolution

SRPMS

- 7/core/mediawiki-1.31.8-1.mga7

Publication date: 10 Jul 2020

URL: https://advisories.mageia.org/MGASA-2020-0292.html

Type: security

CVE: CVE-2019-XXXX

Topics Covered

security advisory information disclosure mediawiki Mageia cache mishandling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia: 2020-0292 Moderate: MediaWiki Information Disclosure

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia: 2020-0292 Moderate: MediaWiki Information Disclosure

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!