drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in MoinMoin
Name: |
Cross-Site Scripting in MoinMoin |
|
ID: |
USN-774-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.10, Ubuntu 9.04 |
|
Datum: |
Mo, 11. Mai 2009, 17:24 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1482 |
|
Applikationen: |
MoinMoin |
|
Originalnachricht |
--===============6366591265827989658== Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-Fh1kA1H7MTl1bsff/aQC"
--=-Fh1kA1H7MTl1bsff/aQC Content-Type: text/plain Content-Transfer-Encoding: quoted-printable
Ubuntu Security Notice USN-774-1 May 11, 2009========================================================== moin vulnerability CVE-2009-1482 ========================================================== A security issue affects the following Ubuntu releases:
Ubuntu 8.10 Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.10: python-moinmoin 1.7.1-1ubuntu1.2
Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.= 2.diff.gz Size/MD5: 70843 b324c3563a0455831aac793c235ad553 http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.= 2.dsc Size/MD5: 1350 ae2583d23ef966e67bb6a7df4c002dba http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1.orig.tar.= gz Size/MD5: 5468224 871337b8171c91f9a6803e5376857e8d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.7.= 1-1ubuntu1.2_all.deb Size/MD5: 4498492 7280f01e0199a258dd4b720b8c6eaf84
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.= 1.diff.gz Size/MD5: 94431 35acf54b1a7351568fc80c2e3711bbf8 http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.= 1.dsc Size/MD5: 1350 62c722d613bcded1fb4ff93729eec31a http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2.orig.tar.= gz Size/MD5: 5943057 b3ced56bbe09311a7c56049423214cdb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.= 2-2ubuntu2.1_all.deb Size/MD5: 3902618 ea5f597ed7b0cc76af72b3e5c65cfaa2
--=-Fh1kA1H7MTl1bsff/aQC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkoIQnsACgkQLMAs/0C4zNo8dwCgt75G2ARff75EXC38gv7GaScA D8IAn2DFiTyC6e2XtTAul9WyMIQUXsFu =3GWm -----END PGP SIGNATURE-----
--=-Fh1kA1H7MTl1bsff/aQC--
--===============6366591265827989658== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6366591265827989658==--
|
|
|
|