--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-7761
2009-07-19 03:26:20
--------------------------------------------------------------------------------

Name        : moin
Product     : Fedora 10
Version     : 1.6.4
Release     : 3.fc10
URL         : http://moinmo.in/
Summary     : MoinMoin is a WikiEngine to collaborate on easily editable web pages
Description :
MoinMoin is an advanced, easy to use and extensible WikiEngine with a large
community of users. Said in a few words, it is about collaboration on easily
editable web pages.

--------------------------------------------------------------------------------
Update Information:

This update removes the filemanager and _samples directories from the embedded
FCKeditor, they contain code with know security vulnerabilities, even though
that code couldn't be invoked when Moin was used with the default settings. Moin
was probably not affected, but installing this update is still recommended as a
security measure. CVE-2009-2265 is the related CVE identifier.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 12 2009 Ville-Pekka Vainio  1.6.4-3
- Remove the filemanager and _samples directories from the embedded FCKeditor,
  they contain code with know security vulnerabilities, even though that code
  probably couldn't be invoked when moin was used with the default settings.
- Fixes rhbz #509924, related to CVE-2009-2265
* Sat Jun 13 2009 Ville-Pekka Vainio  1.6.4-2
- Hierarchical ACL security fix from 1.8.4, 1.8 HG 897cdbe9e8f2
- Details at http://moinmo.in/SecurityFixes#moin_1.8.3
- Convert CHANGES to UTF-8
* Mon Apr 20 2009 Ville-Pekka Vainio  1.6.4-1
- Update to 1.6.4
- CVE-2008-3381 fixed upstream
- Re-fix CVE-2008-0781, upstream seems to have dropped the fix in 1.6,
  used part of upstream 1.5 db212dfc58ef, backported upstream 1.7 5f51246a4df1
  and 269a1fbc3ed7
- Fix CVE-2009-0260, patch from Debian etch
- Fix CVE-2009-0312
- Fix AttachFile escaping problems, backported upstream 1.7 5c4043e651b3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #509924 - CVE-2009-2265 moin: embedded fckeditor multiple directory traversal vulns
        https://bugzilla.redhat.com/show_bug.cgi?id=509924
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update moin' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: moin-1.6.4-3.fc10

July 19, 2009
This update removes the filemanager and _samples directories from the embedded FCKeditor, they contain code with know security vulnerabilities, even though that code couldn't be i...

Summary

MoinMoin is an advanced, easy to use and extensible WikiEngine with a large

community of users. Said in a few words, it is about collaboration on easily

editable web pages.

Update Information:

This update removes the filemanager and _samples directories from the embedded FCKeditor, they contain code with know security vulnerabilities, even though that code couldn't be invoked when Moin was used with the default settings. Moin was probably not affected, but installing this update is still recommended as a security measure. CVE-2009-2265 is the related CVE identifier.

Change Log

* Sun Jul 12 2009 Ville-Pekka Vainio 1.6.4-3 - Remove the filemanager and _samples directories from the embedded FCKeditor, they contain code with know security vulnerabilities, even though that code probably couldn't be invoked when moin was used with the default settings. - Fixes rhbz #509924, related to CVE-2009-2265 * Sat Jun 13 2009 Ville-Pekka Vainio 1.6.4-2 - Hierarchical ACL security fix from 1.8.4, 1.8 HG 897cdbe9e8f2 - Details at http://moinmo.in/SecurityFixes#moin_1.8.3 - Convert CHANGES to UTF-8 * Mon Apr 20 2009 Ville-Pekka Vainio 1.6.4-1 - Update to 1.6.4 - CVE-2008-3381 fixed upstream - Re-fix CVE-2008-0781, upstream seems to have dropped the fix in 1.6, used part of upstream 1.5 db212dfc58ef, backported upstream 1.7 5f51246a4df1 and 269a1fbc3ed7 - Fix CVE-2009-0260, patch from Debian etch - Fix CVE-2009-0312 - Fix AttachFile escaping problems, backported upstream 1.7 5c4043e651b3

References

[ 1 ] Bug #509924 - CVE-2009-2265 moin: embedded fckeditor multiple directory traversal vulns https://bugzilla.redhat.com/show_bug.cgi?id=509924

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update moin' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : moin
Product : Fedora 10
Version : 1.6.4
Release : 3.fc10
URL : http://moinmo.in/
Summary : MoinMoin is a WikiEngine to collaborate on easily editable web pages

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved