=========================================================== 
Ubuntu Security Notice USN-458-1               May 07, 2007
moin vulnerabilities
CVE-2007-2423
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4-moinmoin                       1.5.2-1ubuntu2.3

Ubuntu 6.10:
  python2.4-moinmoin                       1.5.3-1ubuntu1.3

Ubuntu 7.04:
  python-moinmoin                          1.5.3-1.1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in MoinMoin's error reporting when using the 
AttachFile action.  By tricking a user into viewing a crafted MoinMoin 
URL, an attacker could execute arbitrary JavaScript as the current 
MoinMoin user, possibly exposing the user's authentication information 
for the domain where MoinMoin was hosted. (CVE-2007-2423)

Flaws were discovered in MoinMoin's ACL handling for calendars and 
includes.  Unauthorized users would be able to read pages that would 
otherwise be unavailable to them.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    39487 c3b1dfe20a3bb839def08020159321ef
          Size/MD5:      702 584b400e32f0fae1aef2fa69ffed2bd8
          Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87

  Architecture independent packages:

          Size/MD5:  1507924 c53bc6a1452309b150dc86d0884feea6
          Size/MD5:    69548 cc8dd84cef4cd95749a7f3914c55b49b
          Size/MD5:   834738 950146660e787274fe0d69a8ab2bff5d

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:    40234 e232754328aa47d1f2c5be8252392bf3
          Size/MD5:      726 86bb330aafbfb7c428950f8646fc084b
          Size/MD5:  4187091 e95ec46ee8de9527a39793108de22f7d

  Architecture independent packages:

          Size/MD5:  1574744 57f533196afd6198798b24eaa105d596
          Size/MD5:    73640 64019d9f0109287760bfd5b4660cdc4b
          Size/MD5:   909078 f6deadb7c99624b72b08b973c0973f8f

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:    38905 30c1f2043f7629767530923b797026c5
          Size/MD5:      671 7209cfa3f1a21c1a45dcb2ddf16cabb9
          Size/MD5:  4187091 e95ec46ee8de9527a39793108de22f7d

  Architecture independent packages:

          Size/MD5:  1574964 e73dd559227f0712c5d453b80a08f388
          Size/MD5:   914232 26c1e3c3344c2666c1150a77b0ffcccc

Ubuntu: MoinMoin vulnerabilities

May 8, 2007
A flaw was discovered in MoinMoin's error reporting when using the AttachFile action

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-458-1 May 07, 2007

Package Information

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved