USN-911-1: MoinMoin vulnerabilities
Posted on: 03/12/2010 04:05 AM

A new MoinMoin vulnerabilities update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-911-1 March 11, 2010
moin vulnerabilities
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.5

Ubuntu 8.04 LTS:
python-moinmoin 1.5.8-5.1ubuntu2.3

Ubuntu 8.10:
python-moinmoin 1.7.1-1ubuntu1.3

Ubuntu 9.04:
python-moinmoin 1.8.2-2ubuntu2.2

Ubuntu 9.10:
python-moinmoin 1.8.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that several wiki actions and preference settings in
MoinMoin were not protected from cross-site request forgery (CSRF). If an
authenticated user were tricked into visiting a malicious website while
logged into MoinMoin, a remote attacker could change the user's
configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)

It was discovered that MoinMoin did not properly sanitize its input when
processing user preferences. An attacker could enter malicious content
which when viewed by a user, could render in unexpected ways.
(CVE-2010-0669)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.5.diff.gz
Size/MD5: 47842 c9de4722f63975d5b0d549f4541faefb
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.5.dsc
Size/MD5: 711 4261e09e14aba68d31430e62fad58b96
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz
Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.2-1ubuntu2.5_all.deb
Size/MD5: 1508744 e4635b7122dc5791d393c23a50442f59
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.2-1ubuntu2.5_all.deb
Size/MD5: 70056 c4d4c744b89a48208971de0f39487f78
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.2-1ubuntu2.5_all.deb
Size/MD5: 836826 8dfa7e8f720ba2e20bd8255af805c51b

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.3.diff.gz
Size/MD5: 67691 2c68baf991470b12246be536daeb8507
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.3.dsc
Size/MD5: 990 db1dd97700f22787217f388eb38f9970
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8.orig.tar.gz
Size/MD5: 4351630 79625eaeb65907bfaf8b3036d81c82a5

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.8-5.1ubuntu2.3_all.deb
Size/MD5: 1661934 c7dcf03359418f3bda85596ffaa8ca39
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.8-5.1ubuntu2.3_all.deb
Size/MD5: 943176 9646e309a911cf1612bea0b639656a8d

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.3.diff.gz
Size/MD5: 82145 883aaca0405a3c70dee3017934c02054
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.3.dsc
Size/MD5: 1351 2ec2a7468d65b3e259b7f513ee4b3dd3
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1.orig.tar.gz
Size/MD5: 5468224 871337b8171c91f9a6803e5376857e8d

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.7.1-1ubuntu1.3_all.deb
Size/MD5: 4498940 4d431e9e1fa15d78849f23c3fecc5237

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.2.diff.gz
Size/MD5: 104519 45d696b2c87d1e890fc1cb9bcdc29284
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.2.dsc
Size/MD5: 1354 73b47d21e13df9d87b5907c38dd02949
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2.orig.tar.gz
Size/MD5: 5943057 b3ced56bbe09311a7c56049423214cdb

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.2-2ubuntu2.2_all.deb
Size/MD5: 3903450 95c4bfcd53b45cf5bc7a5b369d2533c8

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.1.diff.gz
Size/MD5: 109195 ac4a31caeda3ff4f039d3adc38a2cc20
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.1.dsc
Size/MD5: 1359 3d53805d47bc3fbd25a1965b26f3b70b
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4.orig.tar.gz
Size/MD5: 5959517 6a91a62f5c0dd5379f3c2411c6629496

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.4-1ubuntu1.1_all.deb
Size/MD5: 3925688 ea6faa18323006cef4548b0a0e961350




--y0ulUmNC+osPPQO6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuZoGgACgkQW0JvuRdL8BpgTACgkXeQKyCYtKrylUE/IT17hteb
FIEAn0j6fdGstbjfDAEICBO8W67fzvh2
=OxRL
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_911_1_moinmoin_vulnerabilities.html)