Debian 5.0: DSA-2115-2 Critical: Moodle Remote Threats Resolved

October 11, 2010

Summary

DSA-2115-1 introduced a regression because it lacked a dependency on
the wwwconfig-common package, leading to installation problems. This
update addresses this issue. For reference, the text of the original
advisory is provided below.

Several remote vulnerabilities have been discovered in Moodle, a
course management system. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2010-1613
Moodle does not enable the "Regenerate session id during
login" setting by default, which makes it easier for remote
attackers to conduct session fixation attacks.

CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities allow
remote attackers to inject arbitrary web script or HTML via
vectors related to (1) the Login-As feature or (2) when the
global search feature is enabled, unspecified global search
forms in the Global Search Engine.

CVE-2010-1615
Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via vectors relat...
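
An added example, not part of the Debian advisory or Moodle's code: a toy Python model of why regenerating the session ID at login matters for CVE-2010-1613. The `SessionStore` class and its `regenerate_on_login` flag are hypothetical names standing in for the Moodle setting.

```python
import secrets


class SessionStore:
    """Toy in-memory session table: session id -> logged-in user (None = anonymous)."""

    def __init__(self, regenerate_on_login):
        # Hypothetical flag modelling "Regenerate session id during login".
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}

    def start(self):
        """Issue an anonymous pre-login session id."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        """Bind the session to a user, optionally under a fresh id."""
        if self.regenerate_on_login:
            # Retire the pre-login id so anyone who learned it holds nothing.
            self.sessions.pop(sid, None)
            sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def user_for(self, sid):
        """Return the user bound to a session id, or None."""
        return self.sessions.get(sid)


def pre_login_id_after_login(regenerate_on_login):
    """Return (user seen via the pre-login id, user seen via the post-login id)."""
    store = SessionStore(regenerate_on_login)
    pre_login_sid = store.start()                 # id that existed before login
    post_login_sid = store.login(pre_login_sid, "alice")  # constructed user name
    return store.user_for(pre_login_sid), store.user_for(post_login_sid)


if __name__ == "__main__":
    # Setting off: the pre-login id is now an authenticated session.
    print("regenerate off:", pre_login_id_after_login(False))
    # Setting on: the pre-login id no longer maps to any session.
    print("regenerate on: ", pre_login_id_after_login(True))
```
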


Severity: critical

Package: moodle
