Bug 520543 (CVE-2009-2944) - CVE-2009-2944 ikiwiki: arbitrary file read via crafted TeX commands
Summary: CVE-2009-2944 ikiwiki: arbitrary file read via crafted TeX commands
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-2944
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: impact=moderate,source=cve,reported=2...
Depends On: 520544
Blocks:
Reported: 2009-09-01 03:24 UTC by Vincent Danen
Modified: 2019-06-08 12:49 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-13 20:14:17 UTC



Description Vincent Danen 2009-09-01 03:24:09 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2944 to
the following vulnerability:

Name: CVE-2009-2944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2944
Assigned: 20090823
Reference: CONFIRM: http://ikiwiki.info/security/#index35h2
Reference: BID:36181
Reference: URL: http://www.securityfocus.com/bid/36181
Reference: SECUNIA:36516
Reference: URL: http://secunia.com/advisories/36516
Reference: VUPEN:ADV-2009-2475
Reference: URL: http://www.vupen.com/english/advisories/2009/2475

Incomplete blacklist vulnerability in the teximg plugin in ikiwiki
before 3.1415926 and 2.x before 2.53.4 allows context-dependent
attackers to read arbitrary files via crafted TeX commands.

Comment 1 Vincent Danen 2009-09-01 03:26:25 UTC
This affects Fedora 11 and also Fedora 10 (I am suspecting the 2.72 version was a development snapshot of 3.x as the latest 2.x on the site is 2.53.4 and I don't see a 2.72 version anywhere).

Comment 3 Fedora Update System 2009-09-01 23:15:51 UTC
ikiwiki-3.1415926-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/ikiwiki-3.1415926-1.fc11

Comment 4 Fedora Update System 2009-09-01 23:15:56 UTC
ikiwiki-2.72-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/ikiwiki-2.72-2.fc10

Comment 5 Fedora Update System 2009-09-11 23:25:53 UTC
ikiwiki-2.72-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2009-09-11 23:34:59 UTC
ikiwiki-3.1415926-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

