Debian: DSA-2421-1: moodle security update

    Date: 29 Feb 2012
    Category: Debian
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2421-1
    http://www.debian.org/security/                        Moritz Muehlenhoff
    February 29, 2012                      http://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : moodle
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2011-4308 CVE-2011-4584 CVE-2011-4585 CVE-2011-4586 
                     CVE-2011-4587 CVE-2011-4588 CVE-2012-0792 CVE-2012-0793 
                     CVE-2012-0794 CVE-2012-0795 CVE-2012-0796
    
    Several security issues have been fixed in Moodle, a course management 
    system for online learning:
    
    CVE-2011-4308 / CVE-2012-0792
    
       Rossiani Wijaya discovered an information leak in 
       mod/forum/user.php
    
    CVE-2011-4584
    
       MNET authentication didn't prevent a user using "Login As" from 
       jumping to a remote MNET SSO.
    
    CVE-2011-4585
    
       Darragh Enright discovered that the change password form was sent 
       over plain HTTP even if httpslogin was set to "true".
    
    CVE-2011-4586
    
       David Michael Evans and German Sanchez Gances discovered CRLF 
       injection/HTTP response splitting vulnerabilities in the Calendar 
       module.
    
    CVE-2011-4587
    
       Stephen Mc Guiness discovered empty passwords could be entered in 
       some circumstances.
    
    CVE-2011-4588
    
       Patrick McNeill discovered that IP address restrictions could be 
       bypassed in MNET.
    
    CVE-2012-0796
    
       Simon Coggins discovered that additional information could be 
       injected into mail headers.
    
    CVE-2012-0795
    
       John Ehringer discovered that email addresses were insufficiently
       validated.
    
    CVE-2012-0794
    
       Rajesh Taneja discovered that cookie encryption used a fixed key.
    
    CVE-2012-0793
    
       Eloy Lafuente discovered that profile images were insufficiently
       protected. A new configuration option "forceloginforprofileimages"
       was introduced for that.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 1.9.9.dfsg2-2.1+squeeze3.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.9.9.dfsg2-5.
    
    We recommend that you upgrade your moodle packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/