=========================================================== 
Ubuntu Security Notice USN-421-1          February 10, 2007
moin, moin1.3 vulnerability
CVE-2007-0857
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  moin                                     1.2.4-1ubuntu2.1
  python2.3-moinmoin                       1.3.4-6ubuntu1.1
  python2.4-moinmoin                       1.3.4-6ubuntu1.1

Ubuntu 6.06 LTS:
  python2.4-moinmoin                       1.5.2-1ubuntu2.1

Ubuntu 6.10:
  python2.4-moinmoin                       1.5.3-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in MoinMoin's page name sanitizer which could lead 
to a cross-site scripting attack.  By tricking a user into viewing a 
crafted MoinMoin page, an attacker could execute arbitrary JavaScript as 
the current MoinMoin user, possibly exposing the user's authentication 
information for the domain where MoinMoin was hosted.


Updated packages for Ubuntu 5.10:

  Source archives:

          Size/MD5:    44173 692c6d70ddfcd4bee6c52b5a058e12a5
          Size/MD5:      787 5d884216cdba772e9e4aa899754b043f
          Size/MD5:  3085225 aff667e7c60c5af2525cd1381f417608
          Size/MD5:    38141 d36e9f5e4a49fbd5cbf3660e26a2bb08
          Size/MD5:      646 a12da82f5b5bc78c4fa81d0a41d3505d
          Size/MD5:  1142734 4fea82b27079d1db50a38cf06317cfaa

  Architecture independent packages:

          Size/MD5:   875380 c51d8534d114a5ac8168d74078d057ac
          Size/MD5:   726336 7d06a0597d2cf730071a3ab8f89fa1b1
          Size/MD5:    50100 8989297583d220982a5d357024b67512
          Size/MD5:   584174 320ab3f0940162c0d9effc5c6c20eeb6
          Size/MD5:   584184 8d64c3204991c3f0f1ef23fbb76b3ccc

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    36962 a118fa520ea2ffbb43138ddbed7fdf79
          Size/MD5:      702 220ca3322333fff147b16635b632b6a6
          Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87

  Architecture independent packages:

          Size/MD5:  1507708 cc18106ba9a34162b5895474ffcd78a3
          Size/MD5:    69348 87fba532f3c2a2dbc4d5e24efe0adedf
          Size/MD5:   834402 731d1b0936fe0002372e38fd196f2904

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:    37699 aa17a2ab9e6228584e6215bde1f65dcb
          Size/MD5:      726 cc673d0b1366fe30e7be24efb5655b08
          Size/MD5:  4187091 e95ec46ee8de9527a39793108de22f7d

  Architecture independent packages:

          Size/MD5:  1574710 405eb7dd6d415d75897b38c27c137cc6
          Size/MD5:    73438 2257461978d5728ff0028cfef6964735
          Size/MD5:   908768 b3a8d8fe09d6a0d33bde2a3e42c9d389


--+ARLBH93C7pgvpZY
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFzTsHH/9LqRcGPm0RAmOjAJ9+WWIZ8otDqLelWsMEZLUziXKMzwCfaM/O
8KX3S8bOOPBALPoOuN4UQpo=KsWx
-----END PGP SIGNATURE-------+ARLBH93C7pgvpZY--
--==============66970528=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============66970528==--

Ubuntu: MoinMoin vulnerability

February 9, 2007
A flaw was discovered in MoinMoin's page name sanitizer which could lead to a cross-site scripting attack

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-421-1 February 10, 2007

Package Information

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved