lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1242055294.31390.2.camel@mdlinux.technorage.com>
Date: Mon, 11 May 2009 11:21:34 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-774-1] MoinMoin vulnerability

===========================================================
Ubuntu Security Notice USN-774-1               May 11, 2009
moin vulnerability
CVE-2009-1482
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  python-moinmoin                 1.7.1-1ubuntu1.2

Ubuntu 9.04:
  python-moinmoin                 1.8.2-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input when
attaching files, resulting in cross-site scripting (XSS) vulnerabilities.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote attacker
could exploit this to modify the contents, or steal confidential data,
within the same domain.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.2.diff.gz
      Size/MD5:    70843 b324c3563a0455831aac793c235ad553
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.2.dsc
      Size/MD5:     1350 ae2583d23ef966e67bb6a7df4c002dba
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1.orig.tar.gz
      Size/MD5:  5468224 871337b8171c91f9a6803e5376857e8d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.7.1-1ubuntu1.2_all.deb
      Size/MD5:  4498492 7280f01e0199a258dd4b720b8c6eaf84

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.1.diff.gz
      Size/MD5:    94431 35acf54b1a7351568fc80c2e3711bbf8
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.1.dsc
      Size/MD5:     1350 62c722d613bcded1fb4ff93729eec31a
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2.orig.tar.gz
      Size/MD5:  5943057 b3ced56bbe09311a7c56049423214cdb

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.2-2ubuntu2.1_all.deb
      Size/MD5:  3902618 ea5f597ed7b0cc76af72b3e5c65cfaa2



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ