Linux Security

    Debian: DSA-2421-1: moodle security update

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2421-1
    https://www.debian.org/security/                        Moritz Muehlenhoff
    February 29, 2012                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : moodle
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2011-4308 CVE-2011-4584 CVE-2011-4585 CVE-2011-4586 
                     CVE-2011-4587 CVE-2011-4588 CVE-2012-0792 CVE-2012-0793 
                     CVE-2012-0794 CVE-2012-0795 CVE-2012-0796
    
    Several security issues have been fixed in Moodle, a course management 
    system for online learning:
    
    CVE-2011-4308 / CVE-2012-0792
    
       Rossiani Wijaya discovered an information leak in 
       mod/forum/user.php
    
    CVE-2011-4584
    
       MNET authentication didn't prevent a user using "Login As" from 
       jumping to a remote MNET SSO.
    
    CVE-2011-4585
    
       Darragh Enright discovered that the change password form was sent 
       over plain HTTP even if httpslogin was set to "true".
    
    CVE-2011-4586
    
       David Michael Evans and German Sanchez Gances discovered CRLF 
       injection/HTTP response splitting vulnerabilities in the Calendar 
       module.
    
    CVE-2011-4587
    
       Stephen Mc Guiness discovered empty passwords could be entered in 
       some circumstances.
    
    CVE-2011-4588
    
       Patrick McNeill discovered that IP address restrictions could be 
       bypassed in MNET.
    
    CVE-2012-0796
    
       Simon Coggins discovered that additional information could be 
       injected into mail headers.
    
    CVE-2012-0795
    
       John Ehringer discovered that email addresses were insufficiently
       validated.
    
    CVE-2012-0794
    
       Rajesh Taneja discovered that cookie encryption used a fixed key.
    
    CVE-2012-0793
    
       Eloy Lafuente discovered that profile images were insufficiently
       protected. A new configuration option "forceloginforprofileimages"
       was introduced for that.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 1.9.9.dfsg2-2.1+squeeze3.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.9.9.dfsg2-5.
    
    We recommend that you upgrade your moodle packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    