USN-911-1: MoinMoin vulnerabilities


Posted: 03-11-2010

Referenced CVEs:
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717


Description:
===========================================================
Ubuntu Security Notice USN-911-1             March 11, 2010
moin vulnerabilities
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4-moinmoin 1.5.2-1ubuntu2.5

Ubuntu 8.04 LTS:
  python-moinmoin 1.5.8-5.1ubuntu2.3

Ubuntu 8.10:
  python-moinmoin 1.7.1-1ubuntu1.3

Ubuntu 9.04:
  python-moinmoin 1.8.2-2ubuntu2.2

Ubuntu 9.10:
  python-moinmoin 1.8.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that several wiki actions and preference settings in
MoinMoin were not protected from cross-site request forgery (CSRF). If an
authenticated user were tricked into visiting a malicious website while
logged into MoinMoin, a remote attacker could change the user's
configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)

It was discovered that MoinMoin did not properly sanitize its input when
processing user preferences. An attacker could enter malicious content
which when viewed by a user, could render in unexpected ways.
(CVE-2010-0669)




