Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: 977-1: MoinMoin vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that MoinMoin did not properly sanitize its input,resulting in cross-site scripting (XSS) vulnerabilities. With cross-sitescripting vulnerabilities, if a user were tricked into viewing serveroutput during a crafted server request, a remote attacker could exploitthis to modify the contents, or steal confidential data, within the same [More...]
Ubuntu Security Notice USN-977-1            August 25, 2010
moin vulnerabilities
CVE-2010-2487, CVE-2010-2969, CVE-2010-2970

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4-moinmoin              1.5.2-1ubuntu2.7

Ubuntu 8.04 LTS:
  python-moinmoin                 1.5.8-5.1ubuntu2.5

Ubuntu 9.04:
  python-moinmoin                 1.8.2-2ubuntu2.5

Ubuntu 9.10:
  python-moinmoin                 1.8.4-1ubuntu1.3

Ubuntu 10.04 LTS:
  python-moinmoin                 1.9.2-2ubuntu3.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    49089 798d58a0653bc3c6f340a8dfcd67139a
      Size/MD5:      711 b3b09797305667d6fcfd30e8bf7876ba
      Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87

  Architecture independent packages:
      Size/MD5:  1508970 fbda9dabaa4e983fbc56b10d59c3fc2d
      Size/MD5:    70242 750193bf55e2d3df3f2fde6ed6b03a67
      Size/MD5:   837102 5a32177941963f7e4f706c3277c13b2d

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
      Size/MD5:    68607 0edfd9492a73f79ec0abc4bc92d37be3
      Size/MD5:      990 ced66d820c57593f80df919fa69170b6
      Size/MD5:  4351630 79625eaeb65907bfaf8b3036d81c82a5

  Architecture independent packages:
      Size/MD5:  1662232 91ca3ee6f8d48db16e29aff8d3f923e6
      Size/MD5:   943264 3c08830a948982b97c93a331b2188b55

Updated packages for Ubuntu 9.04:

  Source archives:
      Size/MD5:   109042 f0195805c73089e3fda1ad724fb60493
      Size/MD5:     1354 307dda00e18ff959b74eb47c7082e954
      Size/MD5:  5943057 b3ced56bbe09311a7c56049423214cdb

  Architecture independent packages:
      Size/MD5:  3904124 583e95f544c30bbd69655ce5b7d21dbf

Updated packages for Ubuntu 9.10:

  Source archives:
      Size/MD5:   113133 d84de84bb2707f19f7a301e34505c313
      Size/MD5:     1359 510b24aa0fc1f45708dba675ddb4b322
      Size/MD5:  5959517 6a91a62f5c0dd5379f3c2411c6629496

  Architecture independent packages:
      Size/MD5:  3926296 280bb8332b7e105762cc417553579adc

Updated packages for Ubuntu 10.04:

  Source archives:
      Size/MD5:   120262 a968937a9e6fa0a2a01c00fd72d35e94
      Size/MD5:     1297 0771b4b929b30d60adf7932855653ba2
      Size/MD5: 30111807 e464c474c3a56c803dc553b8ca13c37f

  Architecture independent packages:
      Size/MD5: 14816954 944de011cd3e5cb24c8bd58cc4666882

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.