Ubuntu 996-1: Mako vulnerability

    Date: 29 Sep 2010
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    It was discovered that Mako incorrectly filtered single-quote characters when performing html filtering. An attacker could utilize this to perform cross-site scripting attacks.
    ===========================================================
    Ubuntu Security Notice USN-996-1         September 29, 2010
    mako vulnerability
    CVE-2010-2480
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      python-mako                     0.2.5-2ubuntu1.3
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    It was discovered that Mako incorrectly filtered single-quote characters
    when performing html filtering. An attacker could utilize this to perform
    cross-site scripting attacks.
    
    
    Updated packages for Ubuntu 10.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/mako/mako_0.2.5-2ubuntu1.3.diff.gz
          Size/MD5:     5622 9cc948447247736d5d37f2ada66f2e59
        http://security.ubuntu.com/ubuntu/pool/main/m/mako/mako_0.2.5-2ubuntu1.3.dsc
          Size/MD5:     1452 fd281df3c78bc4ca4fb2f1a96a5cf9c9
        http://security.ubuntu.com/ubuntu/pool/main/m/mako/mako_0.2.5.orig.tar.gz
          Size/MD5:   228192 d8ca783630dc5e93970a2075532fa643
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/mako/python-mako_0.2.5-2ubuntu1.3_all.deb
          Size/MD5:   100918 0df79d97dbd23990c0bb3dbd85e8c5f0
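
The single-quote gap described in the advisory, as an added example that is not Mako's code and not part of the original notice: a constructed filter that escapes `&`, `<`, `>` and `"` but not `'` is compared with Python's `html.escape`, and the rendered markup is parsed back to check that the value stays inside a single-quoted attribute. All function names and the sample value are assumptions made for illustration.

```python
# Added illustration; not Mako's code. Models an HTML filter that omits "'".
import html
from html.parser import HTMLParser


def escape_without_single_quote(text):
    """Constructed filter: escapes & < > " but leaves ' untouched."""
    return (text.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace('"', "&quot;"))


def escape_full(text):
    """Standard-library escaping; quote=True also encodes ' as &#x27;."""
    return html.escape(text, quote=True)


class _AttrCollector(HTMLParser):
    """Records the attributes the parser sees on the first <input> tag."""
    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def render_and_parse(escape, value):
    """Place escaped value in a single-quoted attribute, then parse it back."""
    markup = "<input type='text' value='" + escape(value) + "'>"
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def stays_inside_attribute(escape, value):
    """True when the value round-trips as data and adds no new attributes."""
    attrs = render_and_parse(escape, value)
    return set(attrs) == {"type", "value"} and attrs["value"] == value


# Constructed sample input: a quote followed by a harmless marker attribute.
SAMPLE = "x' data-injected='1"

if __name__ == "__main__":
    for fn in (escape_without_single_quote, escape_full):
        print(fn.__name__, stays_inside_attribute(fn, SAMPLE))
```

The same round-trip check works as a regression test for any template escaping filter whose output may land in a single-quoted attribute.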
    
    
    
    