| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Aug 2010 11:41:12 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-977-1] MoinMoin vulnerabilities
===========================================================
Ubuntu Security Notice USN-977-1 August 25, 2010
moin vulnerabilities
CVE-2010-2487, CVE-2010-2969, CVE-2010-2970
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.7
Ubuntu 8.04 LTS:
python-moinmoin 1.5.8-5.1ubuntu2.5
Ubuntu 9.04:
python-moinmoin 1.8.2-2ubuntu2.5
Ubuntu 9.10:
python-moinmoin 1.8.4-1ubuntu1.3
Ubuntu 10.04 LTS:
python-moinmoin 1.9.2-2ubuntu3.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that MoinMoin did not properly sanitize its input,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.7.diff.gz
Size/MD5: 49089 798d58a0653bc3c6f340a8dfcd67139a
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.7.dsc
Size/MD5: 711 b3b09797305667d6fcfd30e8bf7876ba
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz
Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.2-1ubuntu2.7_all.deb
Size/MD5: 1508970 fbda9dabaa4e983fbc56b10d59c3fc2d
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.2-1ubuntu2.7_all.deb
Size/MD5: 70242 750193bf55e2d3df3f2fde6ed6b03a67
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.2-1ubuntu2.7_all.deb
Size/MD5: 837102 5a32177941963f7e4f706c3277c13b2d
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.5.diff.gz
Size/MD5: 68607 0edfd9492a73f79ec0abc4bc92d37be3
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.5.dsc
Size/MD5: 990 ced66d820c57593f80df919fa69170b6
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8.orig.tar.gz
Size/MD5: 4351630 79625eaeb65907bfaf8b3036d81c82a5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.8-5.1ubuntu2.5_all.deb
Size/MD5: 1662232 91ca3ee6f8d48db16e29aff8d3f923e6
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.8-5.1ubuntu2.5_all.deb
Size/MD5: 943264 3c08830a948982b97c93a331b2188b55
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.5.diff.gz
Size/MD5: 109042 f0195805c73089e3fda1ad724fb60493
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.5.dsc
Size/MD5: 1354 307dda00e18ff959b74eb47c7082e954
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2.orig.tar.gz
Size/MD5: 5943057 b3ced56bbe09311a7c56049423214cdb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.2-2ubuntu2.5_all.deb
Size/MD5: 3904124 583e95f544c30bbd69655ce5b7d21dbf
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.3.diff.gz
Size/MD5: 113133 d84de84bb2707f19f7a301e34505c313
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.3.dsc
Size/MD5: 1359 510b24aa0fc1f45708dba675ddb4b322
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4.orig.tar.gz
Size/MD5: 5959517 6a91a62f5c0dd5379f3c2411c6629496
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.4-1ubuntu1.3_all.deb
Size/MD5: 3926296 280bb8332b7e105762cc417553579adc
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.9.2-2ubuntu3.1.debian.tar.gz
Size/MD5: 120262 a968937a9e6fa0a2a01c00fd72d35e94
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.9.2-2ubuntu3.1.dsc
Size/MD5: 1297 0771b4b929b30d60adf7932855653ba2
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.9.2.orig.tar.gz
Size/MD5: 30111807 e464c474c3a56c803dc553b8ca13c37f
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.9.2-2ubuntu3.1_all.deb
Size/MD5: 14816954 944de011cd3e5cb24c8bd58cc4666882
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists