Gentoo Archives: gentoo-announce

From: Stefan Behte <craig@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201210-02 ] MoinMoin: Multiple vulnerabilities
Date: Fri, 19 Oct 2012 00:14:51
Message-Id: 50806BED.7080602@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201210-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: MoinMoin: Multiple vulnerabilities
Date: October 18, 2012
Bugs: #305663, #339295
ID: 201210-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MoinMoin, the worst of
which allows injection of arbitrary web script or HTML.

Background
==========

MoinMoin is a Python WikiEngine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-apps/moinmoin            < 1.9.4                    >= 1.9.4

Description
===========

Multiple vulnerabilities have been discovered in MoinMoin. Please
review the CVE identifiers referenced below for details.

Impact
======

These vulnerabilities in MoinMoin allow remote users to inject
arbitrary web script or HTML, to obtain sensitive information and to
bypass the textcha protection mechanism. There are several other
unknown impacts and attack vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MoinMoin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.9.4"

References
==========

[ 1 ] CVE-2010-0668
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0668
[ 2 ] CVE-2010-0669
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0669
[ 3 ] CVE-2010-0717
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0717
[ 4 ] CVE-2010-0828
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0828
[ 5 ] CVE-2010-1238
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1238
[ 6 ] CVE-2010-2487
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2487
[ 7 ] CVE-2010-2969
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2969
[ 8 ] CVE-2010-2970
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2970
[ 9 ] CVE-2011-1058
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1058

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201210-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature