Debian: DSA-2338-1 Moderate: Moodle Remote Issues Security Fix
debian
November 7, 2011
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning: * MSA-11-0020 Continue links in error mess...
Summary
Several cross-site scripting and information disclosure issues have
been fixed in Moodle, a course management system for online learning:
* MSA-11-0020 Continue links in error messages can lead offsite
* MSA-11-0024 Recaptcha images were being authenticated from an older
server
* MSA-11-0025 Group names in user upload CSV not escaped
* MSA-11-0026 Fields in user upload CSV not escaped
* MSA-11-0031 Forms API constant issue
* MSA-11-0032 MNET SSL validation issue
* MSA-11-0036 Messaging refresh vulnerability
* MSA-11-0037 Course section editing injection vulnerability
* MSA-11-0038 Database injection protection strengthened
For the stable distribution (squeeze), this problem has been fixed in
version 1.9.9.dfsg2-2.1+squeeze2.
For the unstable distribution (sid), this problem has been fixed in
version 1.9.9.dfsg2-4.
We recommend that you upgrade your moodle packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked quest...
PREVIOUS
NEXT
Package: moodle
CVE ID: not yet available
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!