USN-421-1: MoinMoin vulnerability
Posted on: 02/10/2007 04:35 AM

A new MoinMoin vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-421-1 February 10, 2007
moin, moin1.3 vulnerability
CVE-2007-0857
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
moin 1.2.4-1ubuntu2.1
python2.3-moinmoin 1.3.4-6ubuntu1.1
python2.4-moinmoin 1.3.4-6ubuntu1.1

Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.1

Ubuntu 6.10:
python2.4-moinmoin 1.5.3-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in MoinMoin's page name sanitizer which could lead=20
to a cross-site scripting attack. By tricking a user into viewing a=20
crafted MoinMoin page, an attacker could execute arbitrary JavaScript as=20
the current MoinMoin user, possibly exposing the user's authentication=20
information for the domain where MoinMoin was hosted.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4-6ub=
untu1.1.diff.gz
Size/MD5: 44173 692c6d70ddfcd4bee6c52b5a058e12a5
http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4-6ub=
untu1.1.dsc
Size/MD5: 787 5d884216cdba772e9e4aa899754b043f
http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4.ori=
g.tar.gz
Size/MD5: 3085225 aff667e7c60c5af2525cd1381f417608
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.=
1.diff.gz
Size/MD5: 38141 d36e9f5e4a49fbd5cbf3660e26a2bb08
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.=
1.dsc
Size/MD5: 646 a12da82f5b5bc78c4fa81d0a41d3505d
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4.orig.tar.=
gz
Size/MD5: 1142734 4fea82b27079d1db50a38cf06317cfaa

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.=
1_all.deb
Size/MD5: 875380 c51d8534d114a5ac8168d74078d057ac
http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moinmoin-common_1=
=2E3.4-6ubuntu1.1_all.deb
Size/MD5: 726336 7d06a0597d2cf730071a3ab8f89fa1b1
http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/python-moinmoin_1=
=2E3.4-6ubuntu1.1_all.deb
Size/MD5: 50100 8989297583d220982a5d357024b67512
http://security.ubuntu.com/ubuntu/pool/universe/m/moin1.3/python2.3-moi=
nmoin_1.3.4-6ubuntu1.1_all.deb
Size/MD5: 584174 320ab3f0940162c0d9effc5c6c20eeb6
http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/python2.4-moinmoi=
n_1.3.4-6ubuntu1.1_all.deb
Size/MD5: 584184 8d64c3204991c3f0f1ef23fbb76b3ccc

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.=
1.diff.gz
Size/MD5: 36962 a118fa520ea2ffbb43138ddbed7fdf79
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.=
1.dsc
Size/MD5: 702 220ca3322333fff147b16635b632b6a6
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.=
gz
Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.=
2-1ubuntu2.1_all.deb
Size/MD5: 1507708 cc18106ba9a34162b5895474ffcd78a3
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.=
2-1ubuntu2.1_all.deb
Size/MD5: 69348 87fba532f3c2a2dbc4d5e24efe0adedf
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1=
=2E5.2-1ubuntu2.1_all.deb
Size/MD5: 834402 731d1b0936fe0002372e38fd196f2904

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1ubuntu1.=
1.diff.gz
Size/MD5: 37699 aa17a2ab9e6228584e6215bde1f65dcb
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1ubuntu1.=
1.dsc
Size/MD5: 726 cc673d0b1366fe30e7be24efb5655b08
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3.orig.tar.=
gz
Size/MD5: 4187091 e95ec46ee8de9527a39793108de22f7d

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.=
3-1ubuntu1.1_all.deb
Size/MD5: 1574710 405eb7dd6d415d75897b38c27c137cc6
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.=
3-1ubuntu1.1_all.deb
Size/MD5: 73438 2257461978d5728ff0028cfef6964735
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1=
=2E5.3-1ubuntu1.1_all.deb
Size/MD5: 908768 b3a8d8fe09d6a0d33bde2a3e42c9d389


--+ARLBH93C7pgvpZY
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFzTsHH/9LqRcGPm0RAmOjAJ9+WWIZ8otDqLelWsMEZLUziXKMzwCfaM/O
8KX3S8bOOPBALPoOuN4UQpo=
=KsWx
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_421_1_moinmoin_vulnerability.html)