USN-1604-1: MoinMoin vulnerabilities
11 October 2012
Several security issues were fixed in MoinMoin.
- moin - Collaborative hypertext environment
It was discovered that MoinMoin did not properly sanitize certain input,
resulting in a cross-site scripting (XSS) vulnerability. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
It was discovered that MoinMoin incorrectly handled group names that
contain virtual group names such as "All", "Known" or "Trusted". This could
result in a remote user having incorrect permissions. (CVE-2012-4404)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.