Synopsis
The remote Fedora host is missing a security update.
Description
- Sat Apr 3 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.7-2
- Fixes CVE-2010-0828 (rhbz#578801)
- Thu Feb 18 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.7-1
- Fixed major security issues in miscellaneous parts of moin
- http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANG ES
- http://secunia.com/advisories/38444/
- Fixes rhbz#565604
- Mon Dec 28 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.6-1
- 1.8.6, mostly bug fixes
- http://hg.moinmo.in/moin/1.8/raw-file/1.8.6/docs/CHANG ES
- Tue Sep 15 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.5-1
- 1.8.5
- Includes multiple bug fixes, a new FCKeditor version and some new features
- http://hg.moinmo.in/moin/1.8/raw-file/1.8.5/docs/CHANG ES
- Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
- Sun Jul 12 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.8.4-2
- Remove the filemanager directory from the embedded FCKeditor, it contains code with know security vulnerabilities, even though that code couldn't be invoked when moin was used with the default settings.
- Fixes rhbz #509924, related to CVE-2009-2265
- Sat Jun 13 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.8.4-1
- Update to 1.8.4, http://moinmo.in/MoinMoinRelease1.8 has a list of changes.
- Includes a security fix for hierarchical ACL (not the default mode), http://moinmo.in/SecurityFixes has the details.
- Drop previous security patches, those are not needed anymore.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected moin package.
Plugin Details
File Name: fedora_2010-6012.nasl
Agent: unix
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:moin, cpe:/o:fedoraproject:fedora:11
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 4/9/2010