Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
172
security advisoryupdate instructionsubuntuUbuntu 18.04 LTS: USN-3794-1 Moderate: MoinMoin Data Exposure
MoinMoin could be made to expose sensitive information if it received a specially crafted input.. =========================================================================Ubuntu Security Notice USN-3794-1 October 16, 2018 moin vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: MoinMoin could be made to expose sensitive information if it received a specially crafted input. Software Description: - moin: Collaborative hypertext environment Details: It was discovered that MoinMoin incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: python-moinmoin 1.9.9-1ubuntu1.1 Ubuntu 16.04 LTS: python-moinmoin 1.9.8-1ubuntu1.16.04.2 Ubuntu 14.04 LTS: python-moinmoin 1.9.7-1ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3794-1 CVE-2017-5934 Package Information: https://launchpad.net/ubuntu/+source/moin/1.9.9-1ubuntu1.1 https://launchpad.net/ubuntu/+source/moin/1.9.8-1ubuntu1.16.04.2 https://launchpad.net/ubuntu/+source/moin/1.9.7-1ubuntu2.2 . Recent security flaw in MoinMoin affecting various Ubuntu distributions reveals confidential information via specially crafted requests. Update guidelines included.. MoinMoin Vulnerability, Ubuntu Security Advisory, Data Exposure Protection. . LinuxSecurity.com Team
Oct 16, 2018
Ubuntu
172
security advisorycross-site scriptingremote attackUbuntu 977-1 Advisory: Critical MoinMoin XSS Risk in Multiple Releases
It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same [More...]. ==========================================================Ubuntu Security Notice USN-977-1 August 25, 2010 moin vulnerabilities CVE-2010-2487, CVE-2010-2969, CVE-2010-2970 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: python2.4-moinmoin 1.5.2-1ubuntu2.7 Ubuntu 8.04 LTS: python-moinmoin 1.5.8-5.1ubuntu2.5 Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.5 Ubuntu 9.10: python-moinmoin 1.8.4-1ubuntu1.3 Ubuntu 10.04 LTS: python-moinmoin 1.9.2-2ubuntu3.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 49089 798d58a0653bc3c6f340a8dfcd67139a Size/MD5: 711 b3b09797305667d6fcfd30e8bf7876ba Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87 Architectureindependent packages: Size/MD5: 1508970 fbda9dabaa4e983fbc56b10d59c3fc2d Size/MD5: 70242 750193bf55e2d3df3f2fde6ed6b03a67 Size/MD5: 837102 5a32177941963f7e4f706c3277c13b2d Updated packages for Ubuntu 8.04 LTS: Source archives: Size/MD5: 68607 0edfd9492a73f79ec0abc4bc92d37be3 Size/MD5: 990 ced66d820c57593f80df919fa69170b6 Size/MD5: 4351630 79625eaeb65907bfaf8b3036d81c82a5 Architecture independent packages: Size/MD5: 1662232 91ca3ee6f8d48db16e29aff8d3f923e6 Size/MD5: 943264 3c08830a948982b97c93a331b2188b55 Updated packages for Ubuntu 9.04: Source archives: Size/MD5: 109042 f0195805c73089e3fda1ad724fb60493 Size/MD5: 1354 307dda00e18ff959b74eb47c7082e954 Size/MD5: 5943057 b3ced56bbe09311a7c56049423214cdb Architecture independent packages: Size/MD5: 3904124 583e95f544c30bbd69655ce5b7d21dbf Updated packages for Ubuntu 9.10: Source archives: Size/MD5: 113133 d84de84bb2707f19f7a301e34505c313 Size/MD5: 1359 510b24aa0fc1f45708dba675ddb4b322 Size/MD5: 5959517 6a91a62f5c0dd5379f3c2411c6629496 Architecture independent packages: Size/MD5: 3926296 280bb8332b7e105762cc417553579adc Updated packages for Ubuntu 10.04: Source archives: Size/MD5: 120262 a968937a9e6fa0a2a01c00fd72d35e94 Size/MD5: 1297 0771b4b929b30d60adf7932855653ba2 Size/MD5: 30111807 e464c474c3a56c803dc553b8ca13c37f Architecture independent packages: Size/MD5: 14816954 944de011cd3e5cb24c8bd58cc4666882 . Uncover significant moinmoin flaws impacting various Ubuntu releases that enable data breaches through XSS vulnerabilities.. MoinMoin Security, Cross-Site Scripting Threats, Ubuntu XSS Risks. . Severity: Critical. LinuxSecurity.com Team
Aug 25, 2010
•Critical
Ubuntu
172
security advisorymoderatesecurity issueUbuntu 9.04 USN-941-1 Moderate MoinMoin Access Control Issue
It was discovered that MoinMoin incorrectly handled hierarchical access control lists. Users could bypass intended access controls under certain circumstances.. ==========================================================Ubuntu Security Notice USN-941-1 May 20, 2010 moin vulnerability CVE-2009-4762 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.4 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that MoinMoin incorrectly handled hierarchical access control lists. Users could bypass intended access controls under certain circumstances. Updated packages for Ubuntu 9.04: Source archives: Size/MD5: 106507 2a2a5fd233f2ab3c1840584adbb9d672 Size/MD5: 1354 26ea3a7551e8ac9c152b40ba6af6678c Size/MD5: 5943057 b3ced56bbe09311a7c56049423214cdb Architecture independent packages: Size/MD5: 3903932 34d601f6014020b429cccd21f2edd735 . Security vulnerability in MoinMoin allows unauthorized access. Update to latest version for protection and regularly review user permissions for safety. moinmoin security,ubuntu 9.04 advisory,access control issue. . LinuxSecurity.com Team
May 20, 2010
Ubuntu
172
security advisoryremote exploitcross-site scriptingUbuntu 925-1 Moderate: Cross-Site Scripting Risks in MoinMoin
It was discovered that MoinMoin did not properly sanitize its input whenprocessing Despam actions, resulting in cross-site scripting (XSS)vulnerabilities. If a privileged wiki user were tricked into performingthe Despam action on a page with a crafted title, a remote attacker couldexploit this to execute JavaScript code. (CVE-2010-0828) [More...]. ==========================================================Ubuntu Security Notice USN-925-1 April 08, 2010 moin vulnerabilities CVE-2010-0828, CVE-2010-1238 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: python2.4-moinmoin 1.5.2-1ubuntu2.6 Ubuntu 8.04 LTS: python-moinmoin 1.5.8-5.1ubuntu2.4 Ubuntu 8.10: python-moinmoin 1.7.1-1ubuntu1.5 Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.3 Ubuntu 9.10: python-moinmoin 1.8.4-1ubuntu1.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that MoinMoin did not properly sanitize its input when processing Despam actions, resulting in cross-site scripting (XSS) vulnerabilities. If a privileged wiki user were tricked into performing the Despam action on a page with a crafted title, a remote attacker could exploit this to execute JavaScript code. (CVE-2010-0828) It was discovered that the TextCha protection in MoinMoin could be bypassed by submitting a crafted form request. This issue only affected Ubuntu 8.10. (CVE-2010-1238) Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 48190 bcb94e3d181af844815cc13d979b6fee Size/MD5: 711 94969ba288edc08204be5c188e0e0ee1 Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87 Architecture independent packages: Size/MD5: 1508824 480fd0e33b3cdcef687c09096a85e6fc Size/MD5: 70098 c0049e25be27ee4907592b2049870b65 Size/MD5: 836924 5fa014d2a6e3ce7d8ab4b92e0c0d3c07 Updated packages for Ubuntu 8.04 LTS: Source archives: Size/MD5: 67966 4b6411462ec3e1d8a7dd5a5fff4a6099 Size/MD5: 990 e8ac6c3c302a1e6aeb8af7fda61ce8d3 Size/MD5: 4351630 79625eaeb65907bfaf8b3036d81c82a5 Architecture independent packages: Size/MD5: 1662062 9a800d6ae893466b55207d530bb7c168 Size/MD5: 943232 9a61e17b966714ca519e45064101b191 Updated packages for Ubuntu 8.10: Source archives: Size/MD5: 83136 ed41db28059cd77f82f3a7086eb655b2 Size/MD5: 1351 e4bfab6c10cf06ef6ce52a740e13c22f Size/MD5: 5468224 871337b8171c91f9a6803e5376857e8d Architecture independent packages: Size/MD5: 4498914 60ebe69d19432563d61a4a2ed93cf738 Updated packages for Ubuntu 9.04: Source archives: Size/MD5: 104942 9dfd747b7096aa4c41e5bd0a5c62475a Size/MD5: 1354 8c79801a1d045a921232b98bd4d7f786 Size/MD5: 5943057 b3ced56bbe09311a7c56049423214cdb Architecture independent packages: Size/MD5: 3903592 9613db079b1cb7a8acd10691cdb599a6 Updated packages for Ubuntu 9.10: Source archives: Size/MD5: 109654 e7573ab899ccd7ad99e7c0fc3f457b88 Size/MD5: 1359 49e32b3944a61c7ade37ab07a89eb358 Size/MD5: 5959517 6a91a62f5c0dd5379f3c2411c6629496 Architecture independent packages: Size/MD5: 3925848 3df2b5c94d15d8bbbe78fd631232a165 . Uncover significant vulnerabilities in MoinMoin impacting various Ubuntu versions, such as potential XSS threats and associated remedies.. MoinMoin, Input Sanitization, Ubuntu Security Advisory, Cross-Site Scripting, XSS Risks. . LinuxSecurity.com Team
Apr 08, 2010
Ubuntu
89
security advisoryfedorasecurity enhancementsFedora 10: 2009-7755 Moderate: MoinMoin Editor Security Update
This update removes the filemanager and _samples directories from the embedded FCKeditor, they contain code with know security vulnerabilities, even though that code couldn't be invoked when Moin was used with the default settings. Moin was probably not affected, but installing this update is still recommended as a security measure. CVE-2009-2265 is the related CVE identifier.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-7761 2009-07-19 03:26:20 -------------------------------------------------------------------------------- Name : moin Product : Fedora 10 Version : 1.6.4 Release : 3.fc10 URL : http://moinmo.in/ Summary : MoinMoin is a WikiEngine to collaborate on easily editable web pages Description : MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. -------------------------------------------------------------------------------- Update Information: This update removes the filemanager and _samples directories from the embedded FCKeditor, they contain code with know security vulnerabilities, even though that code couldn't be invoked when Moin was used with the default settings. Moin was probably not affected, but installing this update is still recommended as a security measure. CVE-2009-2265 is the related CVE identifier. -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 12 2009 Ville-Pekka Vainio 1.6.4-3 - Remove the filemanager and _samples directories from the embedded FCKeditor, they contain code with know security vulnerabilities, even though that code probably couldn't be invoked when moin was used with the default settings. - Fixes rhbz #509924, related to CVE-2009-2265 * Sat Jun 13 2009 Ville-Pekka Vainio 1.6.4-2 - Hierarchical ACL security fix from 1.8.4, 1.8 HG 897cdbe9e8f2 - Details athttp://moinmo.in/SecurityFixes#moin_1.8.3 - Convert CHANGES to UTF-8 * Mon Apr 20 2009 Ville-Pekka Vainio 1.6.4-1 - Update to 1.6.4 - CVE-2008-3381 fixed upstream - Re-fix CVE-2008-0781, upstream seems to have dropped the fix in 1.6, used part of upstream 1.5 db212dfc58ef, backported upstream 1.7 5f51246a4df1 and 269a1fbc3ed7 - Fix CVE-2009-0260, patch from Debian etch - Fix CVE-2009-0312 - Fix AttachFile escaping problems, backported upstream 1.7 5c4043e651b3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #509924 - CVE-2009-2265 moin: embedded fckeditor multiple directory traversal vulns https://bugzilla.redhat.com/show_bug.cgi?id=509924 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update moin' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list
Jul 19, 2009
•Important
Fedora
172
security advisorymoderateupdateUbuntu 8.10/9.04: USN-774-1 Moderate MoinMoin XSS Threat
It was discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, [More...]. ==========================================================Ubuntu Security Notice USN-774-1 May 11, 2009 moin vulnerability CVE-2009-1482 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: python-moinmoin 1.7.1-1ubuntu1.2 Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Updated packages for Ubuntu 8.10: Source archives: Size/MD5: 70843 b324c3563a0455831aac793c235ad553 Size/MD5: 1350 ae2583d23ef966e67bb6a7df4c002dba Size/MD5: 5468224 871337b8171c91f9a6803e5376857e8d Architecture independent packages: Size/MD5: 4498492 7280f01e0199a258dd4b720b8c6eaf84 Updated packages for Ubuntu 9.04: Source archives: Size/MD5: 94431 35acf54b1a7351568fc80c2e3711bbf8 Size/MD5: 1350 62c722d613bcded1fb4ff93729eec31a Size/MD5: 5943057 b3ced56bbe09311a7c56049423214cdb Architecture independent packages: Size/MD5: 3902618 ea5f597ed7b0cc76af72b3e5c65cfaa2 . Ubuntu Security Alert USN-775-1 highlights a Django CSRF vulnerability impacting numerous releases, outlining crucial patches.. MoinMoin,XSS Fix,Ubuntu Security Notice,Moderate Threat. . LinuxSecurity.com Team
May 11, 2009
Ubuntu
91
security advisorygentooprivilege escalationGentoo 200805-09 Normal: MoinMoin Privilege Escalation Issue
A vulnerability in MoinMoin may allow a remote attacker to elevate his privileges.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MoinMoin: Privilege escalation Date: May 11, 2008 Bugs: #218752 ID: 200805-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in MoinMoin may allow a remote attacker to elevate his privileges. Background ========= MoinMoin is an advanced and extensible Wiki Engine. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/moinmoin < 1.6.3 > = 1.6.3 Description ========== It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact ===== A remote attacker could exploit this vulnerability to gain superuser privileges on the application. Workaround ========= There is no known workaround at this time. Resolution ========= All MoinMoin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/moinmoin-1.6.3" References ========= [ 1 ] CVE-2008-1937 https://www.cve.org/CVERecord?id=CVE-2008-1937 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200805-09 Concerns? ======== Security is a primaryfocus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
May 11, 2008
Gentoo
91
security advisorygentooremote exploitGentoo: 200803-27 Normal: MoinMoin Multiple Threats Identified
Several vulnerabilities have been reported in MoinMoin Wiki Engine.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MoinMoin: Multiple vulnerabilities Date: March 18, 2008 Bugs: #209133 ID: 200803-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Several vulnerabilities have been reported in MoinMoin Wiki Engine. Background ========= MoinMoin is an advanced, easy to use and extensible Wiki Engine. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/moinmoin < 1.6.1 > = 1.6.1 Description ========== Multiple vulnerabilities have been discovered: * A vulnerability exists in the file wikimacro.py because the _macro_Getval function does not properly enforce ACLs (CVE-2008-1099). * A directory traversal vulnerability exists in the userform action (CVE-2008-0782). * A Cross-Site Scripting vulnerability exists in the login action (CVE-2008-0780). * Multiple Cross-Site Scripting vulnerabilities exist in the file action/AttachFile.py when using the message, pagename, and target filenames (CVE-2008-0781). * Multiple Cross-Site Scripting vulnerabilities exist in formatter/text_gedit.py (aka the gui editor formatter) which can be exploited via a page name or destination page name, which trigger an injection in the file PageEditor.py (CVE-2008-1098). Impact ===== These vulnerabilities can be exploitedto allow remote attackers to inject arbitrary web script or HTML, overwrite arbitrary files, or read protected pages. Workaround ========= There is no known workaround at this time. Resolution ========= All MoinMoin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/moinmoin-1.6.1" References ========= [ 1 ] CVE-2008-0780 https://www.cve.org/CVERecord?id=CVE-2008-0780 [ 2 ] CVE-2008-0781 https://www.cve.org/CVERecord?id=CVE-2008-0781 [ 3 ] CVE-2008-0782 https://www.cve.org/CVERecord?id=CVE-2008-0782 [ 4 ] CVE-2008-1098 https://www.cve.org/CVERecord?id=CVE-2008-1098 [ 5 ] CVE-2008-1099 https://www.cve.org/CVERecord?id=CVE-2008-1099 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200803-27 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Mar 19, 2008
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!