USN-911-1: MoinMoin vulnerabilities

Referenced CVEs:

CVE-2010-0668, CVE-2010-0669, CVE-2010-0717

Description:

===========================================================
Ubuntu Security Notice USN-911-1 March 11, 2010
moin vulnerabilities
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.5

Ubuntu 8.04 LTS:
python-moinmoin 1.5.8-5.1ubuntu2.3

Ubuntu 8.10:
python-moinmoin 1.7.1-1ubuntu1.3

Ubuntu 9.04:
python-moinmoin 1.8.2-2ubuntu2.2

Ubuntu 9.10:
python-moinmoin 1.8.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that several wiki actions and preference settings in
MoinMoin were not protected from cross-site request forgery (CSRF). If an
authenticated user were tricked into visiting a malicious website while
logged into MoinMoin, a remote attacker could change the user’s
configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)

It was discovered that MoinMoin did not properly sanitize its input when
processing user preferences. An attacker could enter malicious content
which when viewed by a user, could render in unexpected ways.
(CVE-2010-0669)

Tags: 911, Attacker, Csrf, Edubuntu, Forgery, Malicious Content, Malicious Website, March 11, Moinmoin, Nbsp, Preference Settings, Python, Python2, Security Issue, Security Notice, Usn

Fri, March 12 2010 » Uncategorized

Insanity Reviews Friends