|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 56
Members: 0
Total: 56
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Ubuntu Security Notice USN-423-1 |
|
Posted: Fri Feb 23, 2007 3:27 am |
|
|
Dinosaurio |
Regular user |
|
|
Joined: Aug 11, 2006 |
Posts: 10 |
|
|
|
|
|
|
|
Hi,
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
moin 1.2.4-1ubuntu2.2
python-moinmoin 1.3.4-6ubuntu1.5.10
Ubuntu 6.06 LTS:
python-moinmoin 1.5.2-1ubuntu2.2
Ubuntu 6.10:
python-moinmoin 1.5.3-1ubuntu1.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
A flaw was discovered in MoinMoin's debug reporting sanitizer which
could lead to a cross-site scripting attack. By tricking a user into
viewing a crafted MoinMoin URL, an attacker could execute arbitrary
JavaScript as the current MoinMoin user, possibly exposing the user's
authentication information for the domain where MoinMoin was hosted.
Only Ubuntu Breezy was vulnerable. (CVE-2007-0901)
An information leak was discovered in MoinMoin's debug reporting, which
could expose information about the versions of software running on the
host system. MoinMoin administrators can add "show_traceback=0" to
their site configurations to disable debug tracebacks. (CVE-2007-0902)
Good Luck
Dino |
|
|
|
|
|
www.waraxe.us Forum Index -> Linux world
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|