it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Gergo Tisza <gtisza AT wikimedia.org>
- To: mediawiki-announce AT lists.wikimedia.org
- Subject: [IT-SecNots] [MediaWiki-announce] CentralAuth security update
- Date: Thu, 27 Oct 2016 17:09:10 -0700
- Authentication-results: mail.intern.piratenpartei.de (MFA); dkim=pass (1024-bit key) header.d=lists.wikimedia.org header.b=rb/OSDFX; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=wikimedia.org header.b=qSZHy8i9
- List-archive: <https://lists.wikimedia.org/pipermail/mediawiki-announce/>
- List-id: MediaWiki update and security announcements list <mediawiki-announce.lists.wikimedia.org>
A security bug [1] has been fixed in CentralAuth; the bug caused logouts to
silently fail if the local account on the central login wiki was
unattached. That does not happen under normal circumstances, so the
vulnerability can only be exposed if some other error causes attaching
accounts to fail; nevertheless you are advised to update your
installations. The fix has been backported to all supported versions (those
for MediaWiki 1.23, 1.26 and 1.27).
Gergő
https://www.mediawiki.org/wiki/User:Tgr_(WMF)
[1] https://phabricator.wikimedia.org/T137551
_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
- [IT-SecNots] [MediaWiki-announce] CentralAuth security update, Gergo Tisza, 28.10.2016
Archiv bereitgestellt durch MHonArc 2.6.19.