
Fedora 10 2009-13040 Security Advisory for Moodle CSRF Issues

December 11, 2009
Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues

Summary

Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities.

Update Information:

Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues.

The list for 1.9.7 release:
--------------------------

Security issues

* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup ...

Change Log

* Tue Dec 8 2009 Jon Ciesla - 1.9.7-1
- Update to 1.9.7, BZ 544766.
* Fri Apr 3 2009 Jon Ciesla - 1.9.4-7
- Move symlink scripts from pre to pretrans.
- Corrected moodle-cron BZ 494090.
* Thu Apr 2 2009 Jon Ciesla - 1.9.4-6.1
- Fix broken font deps.
* Wed Apr 1 2009 Jon Ciesla - 1.9.4-6
- Patch for CVE-2009-1171, BZ 493109.
* Tue Mar 24 2009 Jon Ciesla - 1.9.4-5
- Update for freefont->gnu-free-fonts change.
* Thu Feb 26 2009 Jon Ciesla - 1.9.4-4
- Fix for symlink dir replacement.
* Mon Feb 23 2009 Jon Ciesla - 1.9.4-2
- Putting back bundled MagpieRSS due to incompatibility, BZ 486777.
- Corrected moodle-cron.
* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1
- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.
* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6
- Dropped and symlinked to khmeros-base-fonts.
* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5
- Dropped and symlinked illegal sm and to fonts.
- Symlinking to FreeSans.
- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.
* Wed Dec 17 2008 Jon Ciesla - 1.9.3-4
- Texed fix, BZ 476709.
* Fri Nov 7 2008 Jon Ciesla - 1.9.3-3
- Moved to weekly downloaded 11/7/08 to fix Snoopy CVE-2008-4796.
* Fri Oct 31 2008 Jon Ciesla - 1.9.3-2
- Fix for BZ 468929, overactive cron job.

References

CVE Request:
------------
https://www.openwall.com/lists/oss-security/2009/12/06/1

[ 1 ] Bug #544766 - Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases
      https://bugzilla.redhat.com/show_bug.cgi?id=544766

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update moodle' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important

Name: moodle
Product: Fedora 10
Version: 1.9.7
Release: 1.fc10
Summary: A Course Management System
