Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in MoinMoin
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in MoinMoin
ID: USN-423-1
Distribution: Ubuntu
Plattformen: Ubuntu 5.10, Ubuntu 6.06, Ubuntu 6.10
Datum: Di, 20. Februar 2007, 23:22
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0902
Applikationen: MoinMoin

Originalnachricht

 

--===============1357153908==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="kXdP64Ggrk/fb43R"
Content-Disposition: inline


--kXdP64Ggrk/fb43R
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Ubuntu Security Notice USN-423-1          February 20,
 2007==========20=================================================
moin, moin1.3 vulnerabilities
CVE-2007-0901, CVE-2007-0902
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  moin                                     1.2.4-1ubuntu2.2
  python-moinmoin                          1.3.4-6ubuntu1.5.10

Ubuntu 6.06 LTS:
  python-moinmoin                          1.5.2-1ubuntu2.2

Ubuntu 6.10:
  python-moinmoin                          1.5.3-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in MoinMoin's debug reporting sanitizer which
could lead to a cross-site scripting attack.  By tricking a user into
viewing a crafted MoinMoin URL, an attacker could execute arbitrary
JavaScript as the current MoinMoin user, possibly exposing the user's
authentication information for the domain where MoinMoin was hosted.
Only Ubuntu Breezy was vulnerable.  (CVE-2007-0901)

An information leak was discovered in MoinMoin's debug reporting, which
could expose information about the versions of software running on the
host system.  MoinMoin administrators can add "show_traceback=3D0" to
their site configurations to disable debug tracebacks.  (CVE-2007-0902)


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4-6ub=
untu1.5.10.diff.gz
      Size/MD5:    45055 cf953c316085948e8dc9611835921bdc
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4-6ub=
untu1.5.10.dsc
      Size/MD5:      793 72c93be58cada2d2ea43a6e8904a56ac
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4.ori=
g.tar.gz
      Size/MD5:  3085225 aff667e7c60c5af2525cd1381f417608
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.=
2.diff.gz
      Size/MD5:    39039 5b3de304bb89b4ae0ca9a0a2a9c4703d
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.=
2.dsc
      Size/MD5:      646 49eadc7ac308498b2c53cde03ab8bc72
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4.orig.tar.=
gz
      Size/MD5:  1142734 4fea82b27079d1db50a38cf06317cfaa

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.=
2_all.deb
      Size/MD5:   875492 439ce6791bfc4634de3c20f2aedbe025
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moinmoin-common_1=
=2E3.4-6ubuntu1.5.10_all.deb
      Size/MD5:   726416 f91ba8e0a07d25811754b6d4c62a1696
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/python-moinmoin_1=
=2E3.4-6ubuntu1.5.10_all.deb
      Size/MD5:    50240 579771bff2ed9e979a477d7b5c47c229
    http://security.ubuntu.com/ubuntu/pool/universe/m/moin1.3/python2.3-moi=
nmoin_1.3.4-6ubuntu1.5.10_all.deb
      Size/MD5:   584382 ed7269eefdbb71e2d060c325492cff1d
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/python2.4-moinmoi=
n_1.3.4-6ubuntu1.5.10_all.deb
      Size/MD5:   584386 c914fa345dfdd89dc5896b04f1b02acc

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.=
2.diff.gz
      Size/MD5:    37929 15194fb653e00c43092afcd7cf7efdcd
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.=
2.dsc
      Size/MD5:      702 050a5cfec5708d8da0a1a6cc69621696
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.=
gz
      Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.=
2-1ubuntu2.2_all.deb
      Size/MD5:  1507826 a10aea39090b803979f40169b09d9eee
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.=
2-1ubuntu2.2_all.deb
      Size/MD5:    69418 c0c6ccb72d6086ca701806cc7375ab82
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1=
=2E5.2-1ubuntu2.2_all.deb
      Size/MD5:   834508 a0b20e90fd41c46caaf09229e32585e8

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1ubuntu1.=
2.diff.gz
      Size/MD5:    38642 4f9dbe80cf2f2fd62f962fbed248f65a
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1ubuntu1.=
2.dsc
      Size/MD5:      726 379049d45f6684d2bc38f7ea5f722afe
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3.orig.tar.=
gz
      Size/MD5:  4187091 e95ec46ee8de9527a39793108de22f7d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.=
3-1ubuntu1.2_all.deb
      Size/MD5:  1574742 9e686f13fbda8d19c7e10db62b7b522b
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.=
3-1ubuntu1.2_all.deb
      Size/MD5:    73506 8fcda2db454c1492332cb764b081d902
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1=
=2E5.3-1ubuntu1.2_all.deb
      Size/MD5:   908884 abae777420f930a54430c6438316a20f


--kXdP64Ggrk/fb43R
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF220jH/9LqRcGPm0RAi6UAJwISBzoFoAig/9UWEx8VVh9AsI3TwCgmowS
nt2x8vX5DXXC6oH9M/Kxi/E=
=bjZm
-----END PGP SIGNATURE-----

--kXdP64Ggrk/fb43R--


--===============1357153908==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1357153908==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung