USN-1680-1: MoinMoin vulnerabilities

29 December 2012

moin vulnerabilities

Packages

  • moin - Collaborative hypertext environment

Details

It was discovered that MoinMoin did not properly sanitize its input when
processing AnyWikiDraw and TWikiDraw actions. A remote attacker with write
access could exploit this to overwrite arbitrary files and execute
arbitrary code with the priviliges of the web server (user 'www-data').

It was discovered that MoinMoin also did not properly sanitize its input
when processing the AttachFile action. A remote attacker could exploit
this to overwrite files via directory traversal.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.