Ubuntu Security Notice 458-1

Ubuntu Security Notice 458-1: Posted May 10, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 458-1 - A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. Flaws were discovered in MoinMoin's ACL handling for calendars and includes. Unauthorized users would be able to read pages that would otherwise be unavailable to them.; tags | advisory, arbitrary, javascript; systems | linux, ubuntu; advisories | CVE-2007-2423; SHA-256 | 79ff4007940ac7bc6cb3a1e7d6bfafb16c9d212d42fe70817b345ccb7b9731de; Download | Favorite | View

Ubuntu Security Notice 458-1

=========================================================== 
Ubuntu Security Notice USN-458-1               May 07, 2007
moin vulnerabilities
CVE-2007-2423
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4-moinmoin                       1.5.2-1ubuntu2.3

Ubuntu 6.10:
  python2.4-moinmoin                       1.5.3-1ubuntu1.3

Ubuntu 7.04:
  python-moinmoin                          1.5.3-1.1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in MoinMoin's error reporting when using the 
AttachFile action.  By tricking a user into viewing a crafted MoinMoin 
URL, an attacker could execute arbitrary JavaScript as the current 
MoinMoin user, possibly exposing the user's authentication information 
for the domain where MoinMoin was hosted. (CVE-2007-2423)

Flaws were discovered in MoinMoin's ACL handling for calendars and 
includes.  Unauthorized users would be able to read pages that would 
otherwise be unavailable to them.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.3.diff.gz
      Size/MD5:    39487 c3b1dfe20a3bb839def08020159321ef
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.3.dsc
      Size/MD5:      702 584b400e32f0fae1aef2fa69ffed2bd8
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz
      Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87

  Architecture independent packages:

    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.2-1ubuntu2.3_all.deb
      Size/MD5:  1507924 c53bc6a1452309b150dc86d0884feea6
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.2-1ubuntu2.3_all.deb
      Size/MD5:    69548 cc8dd84cef4cd95749a7f3914c55b49b
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.2-1ubuntu2.3_all.deb
      Size/MD5:   834738 950146660e787274fe0d69a8ab2bff5d

Updated packages for Ubuntu 6.10:

  Source archives:

    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1ubuntu1.3.diff.gz
      Size/MD5:    40234 e232754328aa47d1f2c5be8252392bf3
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1ubuntu1.3.dsc
      Size/MD5:      726 86bb330aafbfb7c428950f8646fc084b
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3.orig.tar.gz
      Size/MD5:  4187091 e95ec46ee8de9527a39793108de22f7d

  Architecture independent packages:

    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.3-1ubuntu1.3_all.deb
      Size/MD5:  1574744 57f533196afd6198798b24eaa105d596
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.3-1ubuntu1.3_all.deb
      Size/MD5:    73640 64019d9f0109287760bfd5b4660cdc4b
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.3-1ubuntu1.3_all.deb
      Size/MD5:   909078 f6deadb7c99624b72b08b973c0973f8f

Updated packages for Ubuntu 7.04:

  Source archives:

    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1.1ubuntu3.1.diff.gz
      Size/MD5:    38905 30c1f2043f7629767530923b797026c5
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1.1ubuntu3.1.dsc
      Size/MD5:      671 7209cfa3f1a21c1a45dcb2ddf16cabb9
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3.orig.tar.gz
      Size/MD5:  4187091 e95ec46ee8de9527a39793108de22f7d

  Architecture independent packages:

    https://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.3-1.1ubuntu3.1_all.deb
      Size/MD5:  1574964 e73dd559227f0712c5d453b80a08f388
    https://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.3-1.1ubuntu3.1_all.deb
      Size/MD5:   914232 26c1e3c3344c2666c1150a77b0ffcccc

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 61 files
Debian 20 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,160)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,842)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,249)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,975)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice 458-1

Ubuntu Security Notice 458-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice 458-1

Share This

Ubuntu Security Notice 458-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems