=========================================================== Ubuntu Security Notice USN-911-1 March 11, 2010 moin vulnerabilities CVE-2010-0668, CVE-2010-0669, CVE-2010-0717 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: python2.4-moinmoin 1.5.2-1ubuntu2.5 Ubuntu 8.04 LTS: python-moinmoin 1.5.8-5.1ubuntu2.3 Ubuntu 8.10: python-moinmoin 1.7.1-1ubuntu1.3 Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.2 Ubuntu 9.10: python-moinmoin 1.8.4-1ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user's configuration or wiki content. (CVE-2010-0668, CVE-2010-0717) It was discovered that MoinMoin did not properly sanitize its input when processing user preferences. An attacker could enter malicious content which when viewed by a user, could render in unexpected ways. (CVE-2010-0669)