drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in MoinMoin
Name: |
Mehrere Probleme in MoinMoin |
|
ID: |
USN-911-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 6.06, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10 |
|
Datum: |
Fr, 12. März 2010, 08:46 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0717 |
|
Applikationen: |
MoinMoin |
|
Originalnachricht |
--===============2656602295755494510== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="y0ulUmNC+osPPQO6" Content-Disposition: inline
--y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-911-1 March 11, 2010 moin vulnerabilities CVE-2010-0668, CVE-2010-0669, CVE-2010-0717 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: python2.4-moinmoin 1.5.2-1ubuntu2.5
Ubuntu 8.04 LTS: python-moinmoin 1.5.8-5.1ubuntu2.3
Ubuntu 8.10: python-moinmoin 1.7.1-1ubuntu1.3
Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.2
Ubuntu 9.10: python-moinmoin 1.8.4-1ubuntu1.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user's configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)
It was discovered that MoinMoin did not properly sanitize its input when processing user preferences. An attacker could enter malicious content which when viewed by a user, could render in unexpected ways. (CVE-2010-0669)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
moin_1.5.2-1ubuntu2.5.diff.gz Size/MD5: 47842 c9de4722f63975d5b0d549f4541faefb moin_1.5.2-1ubuntu2.5.dsc Size/MD5: 711 4261e09e14aba68d31430e62fad58b96 http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87
Architecture independent packages:
moinmoin-common_1.5.2-1ubuntu2.5_all.deb Size/MD5: 1508744 e4635b7122dc5791d393c23a50442f59 python-moinmoin_1.5.2-1ubuntu2.5_all.deb Size/MD5: 70056 c4d4c744b89a48208971de0f39487f78 python2.4-moinmoin_1.5.2-1ubuntu2.5_all.deb Size/MD5: 836826 8dfa7e8f720ba2e20bd8255af805c51b
Updated packages for Ubuntu 8.04 LTS:
Source archives:
moin_1.5.8-5.1ubuntu2.3.diff.gz Size/MD5: 67691 2c68baf991470b12246be536daeb8507 moin_1.5.8-5.1ubuntu2.3.dsc Size/MD5: 990 db1dd97700f22787217f388eb38f9970 http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8.orig.tar.gz Size/MD5: 4351630 79625eaeb65907bfaf8b3036d81c82a5
Architecture independent packages:
moinmoin-common_1.5.8-5.1ubuntu2.3_all.deb Size/MD5: 1661934 c7dcf03359418f3bda85596ffaa8ca39 python-moinmoin_1.5.8-5.1ubuntu2.3_all.deb Size/MD5: 943176 9646e309a911cf1612bea0b639656a8d
Updated packages for Ubuntu 8.10:
Source archives:
moin_1.7.1-1ubuntu1.3.diff.gz Size/MD5: 82145 883aaca0405a3c70dee3017934c02054 moin_1.7.1-1ubuntu1.3.dsc Size/MD5: 1351 2ec2a7468d65b3e259b7f513ee4b3dd3 http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1.orig.tar.gz Size/MD5: 5468224 871337b8171c91f9a6803e5376857e8d
Architecture independent packages:
python-moinmoin_1.7.1-1ubuntu1.3_all.deb Size/MD5: 4498940 4d431e9e1fa15d78849f23c3fecc5237
Updated packages for Ubuntu 9.04:
Source archives:
moin_1.8.2-2ubuntu2.2.diff.gz Size/MD5: 104519 45d696b2c87d1e890fc1cb9bcdc29284 moin_1.8.2-2ubuntu2.2.dsc Size/MD5: 1354 73b47d21e13df9d87b5907c38dd02949 http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2.orig.tar.gz Size/MD5: 5943057 b3ced56bbe09311a7c56049423214cdb
Architecture independent packages:
python-moinmoin_1.8.2-2ubuntu2.2_all.deb Size/MD5: 3903450 95c4bfcd53b45cf5bc7a5b369d2533c8
Updated packages for Ubuntu 9.10:
Source archives:
moin_1.8.4-1ubuntu1.1.diff.gz Size/MD5: 109195 ac4a31caeda3ff4f039d3adc38a2cc20 moin_1.8.4-1ubuntu1.1.dsc Size/MD5: 1359 3d53805d47bc3fbd25a1965b26f3b70b http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4.orig.tar.gz Size/MD5: 5959517 6a91a62f5c0dd5379f3c2411c6629496
Architecture independent packages:
python-moinmoin_1.8.4-1ubuntu1.1_all.deb Size/MD5: 3925688 ea6faa18323006cef4548b0a0e961350
--y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuZoGgACgkQW0JvuRdL8BpgTACgkXeQKyCYtKrylUE/IT17hteb FIEAn0j6fdGstbjfDAEICBO8W67fzvh2 =OxRL -----END PGP SIGNATURE-----
--y0ulUmNC+osPPQO6--
--===============2656602295755494510== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2656602295755494510==--
|
|
|
|