rss-bot
May 11th, 2009, 11:30 AM
Referenced CVEs:
CVE-2009-1482
Description:
===========================================================
Ubuntu Security Notice USN-774-1               May 11, 2009
moin vulnerability
CVE-2009-1482
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10:
  python-moinmoin 1.7.1-1ubuntu1.2

Ubuntu 9.04:
  python-moinmoin 1.8.2-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
More... (http://www.ubuntu.com/usn/USN-774-1)