星球 - USN-1026-1: Python Paste vulnerability
作者：SecurityTeam | 來自：Ubuntu security notices | 2010/12/8 2:38:35
Ubuntu Security Notice USN-1026-1 December 07, 2010
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
In general, a standard system update will make all the necessary changes.
It was discovered that Python Paste did not properly sanitize certain
strings, resulting in cross-site scripting (XSS) vulnerabilities. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data, within
the same domain.