Articles / Ubuntu: New MoinMoin packag…

Ubuntu: New MoinMoin packages fix various security issues

It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user’s configuration or wiki content. It was discovered that MoinMoin did not properly sanitize its input when processing user preferences. An attacker could enter malicious content which when viewed by a user, could render in unexpected ways. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-911-1             March 11, 2010
moin vulnerabilities
CVE-2010-0668, CVE-2010-0669, CVE-2010-0717
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
 python2.4-moinmoin              1.5.2-1ubuntu2.5

Ubuntu 8.04 LTS:
 python-moinmoin                 1.5.8-5.1ubuntu2.3

Ubuntu 8.10:
 python-moinmoin                 1.7.1-1ubuntu1.3

Ubuntu 9.04:
 python-moinmoin                 1.8.2-2ubuntu2.2

Ubuntu 9.10:
 python-moinmoin                 1.8.4-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that several wiki actions and preference settings in
MoinMoin were not protected from cross-site request forgery (CSRF). If an
authenticated user were tricked into visiting a malicious website while
logged into MoinMoin, a remote attacker could change the user's
configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)

It was discovered that MoinMoin did not properly sanitize its input when
processing user preferences. An attacker could enter malicious content
which when viewed by a user, could render in unexpected ways.
(CVE-2010-0669)


Updated packages for Ubuntu 6.06 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.5.diff.gz
     Size/MD5:    47842 c9de4722f63975d5b0d549f4541faefb
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.5.dsc
     Size/MD5:      711 4261e09e14aba68d31430e62fad58b96
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz
     Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.2-1ubuntu2.5_all.deb
     Size/MD5:  1508744 e4635b7122dc5791d393c23a50442f59
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.2-1ubuntu2.5_all.deb
     Size/MD5:    70056 c4d4c744b89a48208971de0f39487f78
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.2-1ubuntu2.5_all.deb
     Size/MD5:   836826 8dfa7e8f720ba2e20bd8255af805c51b

Updated packages for Ubuntu 8.04 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.3.diff.gz
     Size/MD5:    67691 2c68baf991470b12246be536daeb8507
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8-5.1ubuntu2.3.dsc
     Size/MD5:      990 db1dd97700f22787217f388eb38f9970
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.8.orig.tar.gz
     Size/MD5:  4351630 79625eaeb65907bfaf8b3036d81c82a5

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.8-5.1ubuntu2.3_all.deb
     Size/MD5:  1661934 c7dcf03359418f3bda85596ffaa8ca39
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.8-5.1ubuntu2.3_all.deb
     Size/MD5:   943176 9646e309a911cf1612bea0b639656a8d

Updated packages for Ubuntu 8.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.3.diff.gz
     Size/MD5:    82145 883aaca0405a3c70dee3017934c02054
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1-1ubuntu1.3.dsc
     Size/MD5:     1351 2ec2a7468d65b3e259b7f513ee4b3dd3
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.7.1.orig.tar.gz
     Size/MD5:  5468224 871337b8171c91f9a6803e5376857e8d

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.7.1-1ubuntu1.3_all.deb
     Size/MD5:  4498940 4d431e9e1fa15d78849f23c3fecc5237

Updated packages for Ubuntu 9.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.2.diff.gz
     Size/MD5:   104519 45d696b2c87d1e890fc1cb9bcdc29284
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2-2ubuntu2.2.dsc
     Size/MD5:     1354 73b47d21e13df9d87b5907c38dd02949
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.2.orig.tar.gz
     Size/MD5:  5943057 b3ced56bbe09311a7c56049423214cdb

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.2-2ubuntu2.2_all.deb
     Size/MD5:  3903450 95c4bfcd53b45cf5bc7a5b369d2533c8

Updated packages for Ubuntu 9.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.1.diff.gz
     Size/MD5:   109195 ac4a31caeda3ff4f039d3adc38a2cc20
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4-1ubuntu1.1.dsc
     Size/MD5:     1359 3d53805d47bc3fbd25a1965b26f3b70b
   http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.8.4.orig.tar.gz
     Size/MD5:  5959517 6a91a62f5c0dd5379f3c2411c6629496

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.8.4-1ubuntu1.1_all.deb
     Size/MD5:  3925688 ea6faa18323006cef4548b0a0e961350



-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.