Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in MoinMoin
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in MoinMoin
ID: USN-3137-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10
Datum: Do, 24. November 2016, 01:09
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7146
Applikationen: MoinMoin

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4395304369458144847==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="JGsIrSWDXVMp4rw8J37eLHIOSLpjBNckC"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--JGsIrSWDXVMp4rw8J37eLHIOSLpjBNckC
Content-Type: multipart/mixed;
boundary="fKJjkiK6pm3SNqF02PLB89gaBMVMiEumX"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <3e117664-41ef-6cf8-6fc3-6aa2c7ea12e3@canonical.com>
Subject: [USN-3137-1] MoinMoin vulnerabilities

--fKJjkiK6pm3SNqF02PLB89gaBMVMiEumX
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3137-1
November 23, 2016

moin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in MoinMoin.

Software Description:
- moin: Collaborative hypertext environment

Details:

It was discovered that MoinMoin did not properly sanitize certain inputs,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
python-moinmoin 1.9.8-1ubuntu1.16.10.1

Ubuntu 16.04 LTS:
python-moinmoin 1.9.8-1ubuntu1.16.04.1

Ubuntu 14.04 LTS:
python-moinmoin 1.9.7-1ubuntu2.1

Ubuntu 12.04 LTS:
python-moinmoin 1.9.3-1ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3137-1
CVE-2016-7146, CVE-2016-7148, CVE-2016-9119

Package Information:
https://launchpad.net/ubuntu/+source/moin/1.9.8-1ubuntu1.16.10.1
https://launchpad.net/ubuntu/+source/moin/1.9.8-1ubuntu1.16.04.1
https://launchpad.net/ubuntu/+source/moin/1.9.7-1ubuntu2.1
https://launchpad.net/ubuntu/+source/moin/1.9.3-1ubuntu2.3



--fKJjkiK6pm3SNqF02PLB89gaBMVMiEumX--

--JGsIrSWDXVMp4rw8J37eLHIOSLpjBNckC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJYNeHwAAoJEGVp2FWnRL6T8nAP/2sECasjLmZ4/YfKAUAKkw4p
ulqx3RLsb+cAPSArVu6PXtpH1vCgpA+v+v9aUt1WHbFPUCXrBDSKElghkc9dne54
xI8f+9DSs4bXinaCZUUYPmrFCV/5PXy8dTqVkklAK/qH9rwKcHOYnTrgyClnI/3D
KLMKIhNSgfVNGT8Epx2ryA35ja7eMmAKxjNfSscil/VLIqOB/lvm3CfRX8xT4vxx
GnxCr9TELr1IkkJhwYaGmzWdThuxThGF5uWTpsMFNCELWeTUeB+GQQq4P7mksd3o
McAt8k/HV6NLGCq/uBn1K2C0ejtVXSTnwG1yREfEmN2UyRJI4PUOvU/jL1cSVe3X
frxFDqiqO6kZsimdaXWMOy63BdRJi4m4ksDRKHF+JvipOiVFFgIGhKeigjRbuBt7
vyj2ScJWvITkkK+uMVdeYrplfIygCKoHn3am5c3VSvN5IppsdirXaZrzdYmoKgvM
MvghAbiHIc87bPYlZj+ZbCDAdWgob4Y3v8+tjaCQ2WYefgnocWaav5I4hd3U0MG5
6RDoZD8wjT0zgUnm3cbOcy6dwkmfkvbUJVADaDG4yt1x6BPFNSDl6y41D7U+33RT
s8gVE4HPm1jwNyNWpqS9+GczJpTtkWXGcXU07v7uE0iagcts9nN2AaAHrmUW8x4e
k1VR/coGN3A4bUmbLLXP
=rG/e
-----END PGP SIGNATURE-----

--JGsIrSWDXVMp4rw8J37eLHIOSLpjBNckC--


--===============4395304369458144847==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4395304369458144847==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung