Common bugs and fixes in Python mwlib Library 0.x

[Kakashi Hatake]

Sponsored Links

I have opened this thread so that people can come up with commonly faced bugs and the fixes for the same.

To start with the following bug:
An exploitable vulnerability has been detected in Python mwlib which can be used by people to cause DoS. It is caused by by an error within the regular expression parser when handling #iferror.
The solution to this is: Update to version 0.13.5

I request everyone to follow the same posting pattern for people to understand it better.

[Ebadaah28]

I can’t start my issue without saying this is indeed a noble thread. The problem that I am talking about is due to an error within the Lightweight Directory Access Protocol (LDAP) authentication when handling invalid bind account credentials, which can be exploited to log-in to LDAP-based accounts by providing an arbitrary password.

The solution to this is: Updated packages that are available via Red Hat Customer Portal.

[Badrinath]

My issue:
Ubuntu has issued an update for xulrunner-1.9.2. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, conduct cross-site scripting attacks, and compromise a user's system.

The solution to this is: to update packages

[shetty]

An issue has been discovered by K1POD in LiteSpeed Web Server, which can be used to conduct cross-site scripting attacks.

input which is passed to service/graph_html.php through 'gtitle' is not reliable. unwanted or unexpected codes can be executed due to this flaw

The solution to this would be: To edit the source code and make sure that it is efficiently sanitized

[Caelyn]

Moodle is falling prey to a number of security flaws which can lead to third person intrusion or exploitation of personal information


1) There's an unresolved error in handling of access permissions in the database to export data. this can possibly lead to disclosure of database content to unauthorized groups

2) there's an error spotted in the web service function "core_user_update_users" resets the password which'll lead by people to log in with empty password

3) contents of restricted repositories can be disclosed because there are n-number of errors in access permission in epository/coursefiles/db/access.php, repository/filesystem/db/access.php, repository/local/db/access.php, and repository/webdav/db/access.php

4) similarly, an error in access permission in the "load_for_user()" can disclose user's last name on the breadcrumbs page

The solution to this would be to Update to version 2.1.5 or 2.2.2.