Ubuntu Security Notice 925-1

Ubuntu Security Notice 925-1: Posted Apr 9, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 925-1 - It was discovered that MoinMoin did not properly sanitize its input when processing Despam actions, resulting in cross-site scripting (XSS) vulnerabilities. If a privileged wiki user were tricked into performing the Despam action on a page with a crafted title, a remote attacker could exploit this to execute JavaScript code. It was discovered that the TextCha protection in MoinMoin could be bypassed by submitting a crafted form request. This issue only affected Ubuntu 8.10.; tags | advisory, remote, javascript, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2010-0828, CVE-2010-1238; SHA-256 | 82c35b721a3b693f76ae72c67ffad7a459b00ebe8aba7b8dda1b0607d89daf8f; Download | Favorite | View

Ubuntu Security Notice 925-1

===========================================================
Ubuntu Security Notice USN-925-1             April 08, 2010
moin vulnerabilities
CVE-2010-0828, CVE-2010-1238
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4-moinmoin              1.5.2-1ubuntu2.6

Ubuntu 8.04 LTS:
  python-moinmoin                 1.5.8-5.1ubuntu2.4

Ubuntu 8.10:
  python-moinmoin                 1.7.1-1ubuntu1.5

Ubuntu 9.04:
  python-moinmoin                 1.8.2-2ubuntu2.3

Ubuntu 9.10:
  python-moinmoin                 1.8.4-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input when
processing Despam actions, resulting in cross-site scripting (XSS)
vulnerabilities. If a privileged wiki user were tricked into performing
the Despam action on a page with a crafted title, a remote attacker could
exploit this to execute JavaScript code. (CVE-2010-0828)

It was discovered that the TextCha protection in MoinMoin could be bypassed
by submitting a crafted form request. This issue only affected Ubuntu 8.10.
(CVE-2010-1238)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.6.diff.gz
      Size/MD5:    48190 bcb94e3d181af844815cc13d979b6fee
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.6.dsc
      Size/MD5:      711 94969ba288edc08204be5c188e0e0ee1
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz
      Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.2-1ubuntu2.6_all.deb
      Size/MD5:  1508824 480fd0e33b3cdcef687c09096a85e6fc
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.2-1ubuntu2.6_all.deb
      Size/MD5:    70098 c0049e25be27ee4907592b2049870b65
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.2-1ubuntu2.6_all.deb
      Size/MD5:   836924 5fa014d2a6e3ce7d8ab4b92e0c0d3c07

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.4.diff.gz
      Size/MD5:    67966 4b6411462ec3e1d8a7dd5a5fff4a6099
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.4.dsc
      Size/MD5:      990 e8ac6c3c302a1e6aeb8af7fda61ce8d3
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8.orig.tar.gz
      Size/MD5:  4351630 79625eaeb65907bfaf8b3036d81c82a5

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.8-5.1ubuntu2.4_all.deb
      Size/MD5:  1662062 9a800d6ae893466b55207d530bb7c168
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.8-5.1ubuntu2.4_all.deb
      Size/MD5:   943232 9a61e17b966714ca519e45064101b191

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.5.diff.gz
      Size/MD5:    83136 ed41db28059cd77f82f3a7086eb655b2
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.5.dsc
      Size/MD5:     1351 e4bfab6c10cf06ef6ce52a740e13c22f
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1.orig.tar.gz
      Size/MD5:  5468224 871337b8171c91f9a6803e5376857e8d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.7.1-1ubuntu1.5_all.deb
      Size/MD5:  4498914 60ebe69d19432563d61a4a2ed93cf738

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.3.diff.gz
      Size/MD5:   104942 9dfd747b7096aa4c41e5bd0a5c62475a
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.3.dsc
      Size/MD5:     1354 8c79801a1d045a921232b98bd4d7f786
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2.orig.tar.gz
      Size/MD5:  5943057 b3ced56bbe09311a7c56049423214cdb

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.2-2ubuntu2.3_all.deb
      Size/MD5:  3903592 9613db079b1cb7a8acd10691cdb599a6

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.2.diff.gz
      Size/MD5:   109654 e7573ab899ccd7ad99e7c0fc3f457b88
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.2.dsc
      Size/MD5:     1359 49e32b3944a61c7ade37ab07a89eb358
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4.orig.tar.gz
      Size/MD5:  5959517 6a91a62f5c0dd5379f3c2411c6629496

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.4-1ubuntu1.2_all.deb
      Size/MD5:  3925848 3df2b5c94d15d8bbbe78fd631232a165

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Ubuntu Security Notice 925-1

Ubuntu Security Notice 925-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice 925-1

Share This

Ubuntu Security Notice 925-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems