Ubuntu 911-1: MoinMoin vulnerabilities

    Date: 11 Mar 2010
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    ===========================================================
    Ubuntu Security Notice USN-911-1             March 11, 2010
    moin vulnerabilities
    CVE-2010-0668, CVE-2010-0669, CVE-2010-0717
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    Ubuntu 9.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      python2.4-moinmoin              1.5.2-1ubuntu2.5
    
    Ubuntu 8.04 LTS:
      python-moinmoin                 1.5.8-5.1ubuntu2.3
    
    Ubuntu 8.10:
      python-moinmoin                 1.7.1-1ubuntu1.3
    
    Ubuntu 9.04:
      python-moinmoin                 1.8.2-2ubuntu2.2
    
    Ubuntu 9.10:
      python-moinmoin                 1.8.4-1ubuntu1.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that several wiki actions and preference settings in
    MoinMoin were not protected from cross-site request forgery (CSRF). If an
    authenticated user were tricked into visiting a malicious website while
    logged into MoinMoin, a remote attacker could change the user's
    configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)
    
    It was discovered that MoinMoin did not properly sanitize its input when
    processing user preferences. An attacker could enter malicious content
    which, when viewed by a user, could render in unexpected ways.
    (CVE-2010-0669)
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.5.diff.gz
          Size/MD5:    47842 c9de4722f63975d5b0d549f4541faefb
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.5.dsc
          Size/MD5:      711 4261e09e14aba68d31430e62fad58b96
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz
          Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.2-1ubuntu2.5_all.deb
          Size/MD5:  1508744 e4635b7122dc5791d393c23a50442f59
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.2-1ubuntu2.5_all.deb
          Size/MD5:    70056 c4d4c744b89a48208971de0f39487f78
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.2-1ubuntu2.5_all.deb
          Size/MD5:   836826 8dfa7e8f720ba2e20bd8255af805c51b
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.3.diff.gz
          Size/MD5:    67691 2c68baf991470b12246be536daeb8507
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.3.dsc
          Size/MD5:      990 db1dd97700f22787217f388eb38f9970
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8.orig.tar.gz
          Size/MD5:  4351630 79625eaeb65907bfaf8b3036d81c82a5
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.8-5.1ubuntu2.3_all.deb
          Size/MD5:  1661934 c7dcf03359418f3bda85596ffaa8ca39
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.8-5.1ubuntu2.3_all.deb
          Size/MD5:   943176 9646e309a911cf1612bea0b639656a8d
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.3.diff.gz
          Size/MD5:    82145 883aaca0405a3c70dee3017934c02054
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.3.dsc
          Size/MD5:     1351 2ec2a7468d65b3e259b7f513ee4b3dd3
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1.orig.tar.gz
          Size/MD5:  5468224 871337b8171c91f9a6803e5376857e8d
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.7.1-1ubuntu1.3_all.deb
          Size/MD5:  4498940 4d431e9e1fa15d78849f23c3fecc5237
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.2.diff.gz
          Size/MD5:   104519 45d696b2c87d1e890fc1cb9bcdc29284
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.2.dsc
          Size/MD5:     1354 73b47d21e13df9d87b5907c38dd02949
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2.orig.tar.gz
          Size/MD5:  5943057 b3ced56bbe09311a7c56049423214cdb
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.2-2ubuntu2.2_all.deb
          Size/MD5:  3903450 95c4bfcd53b45cf5bc7a5b369d2533c8
    
    Updated packages for Ubuntu 9.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.1.diff.gz
          Size/MD5:   109195 ac4a31caeda3ff4f039d3adc38a2cc20
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.1.dsc
          Size/MD5:     1359 3d53805d47bc3fbd25a1965b26f3b70b
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4.orig.tar.gz
          Size/MD5:  5959517 6a91a62f5c0dd5379f3c2411c6629496
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.4-1ubuntu1.1_all.deb
          Size/MD5:  3925688 ea6faa18323006cef4548b0a0e961350
    