Go Back   The UNIX and Linux Forums > Special Forums > Security > Security Advisories (RSS)
USN-911-1: MoinMoin vulnerabilities USN-911-1: MoinMoin vulnerabilities
google site

Forums Register Blog Man Pages Forum RulesLinksAlbums FAQ Users Calendar Search Today's Posts Mark Forums Read


Security Advisories (RSS) UNIX and Linux Security Advisories Via RSS News

Reply
English Japanese Spanish French German Portuguese Italian Powered by Powered by Google
 
Search this Thread
  #1  
Old 03-11-2010
Linux Bot's Avatar
Forum Robot Girl
  

Join Date: Sep 2000
Posts: 24,442
Thanks: 0
Thanked 6 Times in 6 Posts
USN-911-1: MoinMoin vulnerabilities
Referenced CVEs:
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717


Description:
===========================================================Ubuntu Security Notice USN-911-1 March 11, 2010moin vulnerabilitiesCVE-2010-0668, CVE-2010-0669, CVE-2010-0717===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 8.04 LTSUbuntu 8.10Ubuntu 9.04Ubuntu 9.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: python2.4-moinmoin 1.5.2-1ubuntu2.5Ubuntu 8.04 LTS: python-moinmoin 1.5.8-5.1ubuntu2.3Ubuntu 8.10: python-moinmoin 1.7.1-1ubuntu1.3Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.2Ubuntu 9.10: python-moinmoin 1.8.4-1ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that several wiki actions and preference settings inMoinMoin were not protected from cross-site request forgery (CSRF). If anauthenticated user were tricked into visiting a malicious website whilelogged into MoinMoin, a remote attacker could change the user'sconfiguration or wiki content. (CVE-2010-0668, CVE-2010-0717)It was discovered that MoinMoin did not properly sanitize its input whenprocessing user preferences. An attacker could enter malicious contentwhich when viewed by a user, could render in unexpected ways.(CVE-2010-0669)





More...
Sponsored Links
Reply

« Mandriva: 2010:061: ncpfs | Debian: 2014-1: moin: Multiple vulnerabilities »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
USN-774-1: MoinMoin vulnerability Linux Bot Security Advisories (RSS) 0 05-11-2009 11:45 AM
USN-716-1: MoinMoin vulnerabilities Linux Bot Security Advisories (RSS) 0 01-29-2009 11:40 PM
MoinMoin 1.7.1 (Default branch) Linux Bot Software Releases - RSS News 0 07-20-2008 09:50 PM
MoinMoin 1.6.2 (Default branch) Linux Bot Software Releases - RSS News 0 03-24-2008 08:20 PM
MoinMoin 1.5.9 (Default branch) Linux Bot Software Releases - RSS News 0 03-09-2008 05:30 PM



All times are GMT -4. The time now is 09:21 PM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top
Language Translations Powered by Google
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
SEO by vBSEO
The UNIX and Linux Forums Content Copyright ©1993-2010. All Rights Reserved.
Ad Management by RedTyger
Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited.