drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in MoinMoin
Name: |
Mehrere Probleme in MoinMoin |
|
ID: |
USN-3137-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10 |
|
Datum: |
Do, 24. November 2016, 01:09 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7146 |
|
Applikationen: |
MoinMoin |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4395304369458144847== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="JGsIrSWDXVMp4rw8J37eLHIOSLpjBNckC"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --JGsIrSWDXVMp4rw8J37eLHIOSLpjBNckC Content-Type: multipart/mixed; boundary="fKJjkiK6pm3SNqF02PLB89gaBMVMiEumX" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <3e117664-41ef-6cf8-6fc3-6aa2c7ea12e3@canonical.com> Subject: [USN-3137-1] MoinMoin vulnerabilities
--fKJjkiK6pm3SNqF02PLB89gaBMVMiEumX Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3137-1 November 23, 2016
moin vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in MoinMoin.
Software Description: - moin: Collaborative hypertext environment
Details:
It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: python-moinmoin 1.9.8-1ubuntu1.16.10.1
Ubuntu 16.04 LTS: python-moinmoin 1.9.8-1ubuntu1.16.04.1
Ubuntu 14.04 LTS: python-moinmoin 1.9.7-1ubuntu2.1
Ubuntu 12.04 LTS: python-moinmoin 1.9.3-1ubuntu2.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3137-1 CVE-2016-7146, CVE-2016-7148, CVE-2016-9119
Package Information: https://launchpad.net/ubuntu/+source/moin/1.9.8-1ubuntu1.16.10.1 https://launchpad.net/ubuntu/+source/moin/1.9.8-1ubuntu1.16.04.1 https://launchpad.net/ubuntu/+source/moin/1.9.7-1ubuntu2.1 https://launchpad.net/ubuntu/+source/moin/1.9.3-1ubuntu2.3
--fKJjkiK6pm3SNqF02PLB89gaBMVMiEumX--
--JGsIrSWDXVMp4rw8J37eLHIOSLpjBNckC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJYNeHwAAoJEGVp2FWnRL6T8nAP/2sECasjLmZ4/YfKAUAKkw4p ulqx3RLsb+cAPSArVu6PXtpH1vCgpA+v+v9aUt1WHbFPUCXrBDSKElghkc9dne54 xI8f+9DSs4bXinaCZUUYPmrFCV/5PXy8dTqVkklAK/qH9rwKcHOYnTrgyClnI/3D KLMKIhNSgfVNGT8Epx2ryA35ja7eMmAKxjNfSscil/VLIqOB/lvm3CfRX8xT4vxx GnxCr9TELr1IkkJhwYaGmzWdThuxThGF5uWTpsMFNCELWeTUeB+GQQq4P7mksd3o McAt8k/HV6NLGCq/uBn1K2C0ejtVXSTnwG1yREfEmN2UyRJI4PUOvU/jL1cSVe3X frxFDqiqO6kZsimdaXWMOy63BdRJi4m4ksDRKHF+JvipOiVFFgIGhKeigjRbuBt7 vyj2ScJWvITkkK+uMVdeYrplfIygCKoHn3am5c3VSvN5IppsdirXaZrzdYmoKgvM MvghAbiHIc87bPYlZj+ZbCDAdWgob4Y3v8+tjaCQ2WYefgnocWaav5I4hd3U0MG5 6RDoZD8wjT0zgUnm3cbOcy6dwkmfkvbUJVADaDG4yt1x6BPFNSDl6y41D7U+33RT s8gVE4HPm1jwNyNWpqS9+GczJpTtkWXGcXU07v7uE0iagcts9nN2AaAHrmUW8x4e k1VR/coGN3A4bUmbLLXP =rG/e -----END PGP SIGNATURE-----
--JGsIrSWDXVMp4rw8J37eLHIOSLpjBNckC--
--===============4395304369458144847== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4395304369458144847==--
|
|
|
|