Ubuntu 996-1: Mako vulnerability

    Date29 Sep 2010
    107
    Posted ByLinuxSecurity Advisories
    It was discovered that Mako incorrectly filtered single-quote characters when performing html filtering. An attacker could utilize this to perform cross-site scripting attacks.
    ===========================================================
    Ubuntu Security Notice USN-996-1         September 29, 2010
    mako vulnerability
    CVE-2010-2480
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      python-mako                     0.2.5-2ubuntu1.3
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    It was discovered that Mako incorrectly filtered single-quote characters
    when performing html filtering. An attacker could utilize this to perform
    cross-site scripting attacks.
    
    
    Updated packages for Ubuntu 10.04:
    
      Source archives:
    
        https://security.ubuntu.com/ubuntu/pool/main/m/mako/mako_0.2.5-2ubuntu1.3.diff.gz
          Size/MD5:     5622 9cc948447247736d5d37f2ada66f2e59
        https://security.ubuntu.com/ubuntu/pool/main/m/mako/mako_0.2.5-2ubuntu1.3.dsc
          Size/MD5:     1452 fd281df3c78bc4ca4fb2f1a96a5cf9c9
        https://security.ubuntu.com/ubuntu/pool/main/m/mako/mako_0.2.5.orig.tar.gz
          Size/MD5:   228192 d8ca783630dc5e93970a2075532fa643
    
      Architecture independent packages:
    
        https://security.ubuntu.com/ubuntu/pool/main/m/mako/python-mako_0.2.5-2ubuntu1.3_all.deb
          Size/MD5:   100918 0df79d97dbd23990c0bb3dbd85e8c5f0
    
    
    
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.