GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Thu Oct 18, 2012 11:26 pm Post subject: [ GLSA 201210-02 ] MoinMoin: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: MoinMoin: Multiple vulnerabilities (GLSA 201210-02)
Severity: normal
Exploitable: remote
Date: October 18, 2012
Bug(s): #305663, #339295
ID: 201210-02
Synopsis
Multiple vulnerabilities have been found in MoinMoin, the worst of
which allowing for injection of arbitrary web script or HTML.
Background
MoinMoin is a Python WikiEngine.
Affected Packages
Package: www-apps/moinmoin
Vulnerable: < 1.9.4
Unaffected: >= 1.9.4
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in MoinMoin. Please review
the CVE identifiers referenced below for details.
Impact
These vulnerabilities in MoinMoin allow remote users to inject arbitrary
web script or HTML, to obtain sensitive information and to bypass the
textcha protection mechanism. There are several other unknown impacts and
attack vectors.
Workaround
There is no known workaround at this time.
Resolution
All MoinMoin users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.9.4"
|
References
CVE-2010-0668
CVE-2010-0669
CVE-2010-0717
CVE-2010-0828
CVE-2010-1238
CVE-2010-2487
CVE-2010-2969
CVE-2010-2970
CVE-2011-1058 |
|
News & Announcements
