
Fedora 12: 2009-13065 Moderate: Moodle CSRF and Access Control Issues

December 11, 2009
Moodle upstream has released the latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues.

Summary

Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities.

Update Information:

Moodle upstream has released the latest stable versions (1.9.7 and 1.8.11), fixing multiple security issues.

The list for the 1.9.7 release:
--------------------------

Security issues

* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup ...

Change Log

* Tue Dec 8 2009 Jon Ciesla - 1.9.7-1
- Update to 1.9.7, BZ 544766.
* Thu Nov 5 2009 Jon Ciesla - 1.9.6-2
- Reverted erroneous cron fix.
* Thu Nov 5 2009 Jon Ciesla - 1.9.6-1
- Update to 1.9.6.
- Make moodle-cron honor lock, BZ 533171.

References

CVE Request:
https://www.openwall.com/lists/oss-security/2009/12/06/1

[ 1 ] Bug #544766 - Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases
https://bugzilla.redhat.com/show_bug.cgi?id=544766

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update moodle' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important

Name: moodle
Product: Fedora 12
Version: 1.9.7
Release: 1.fc12
Summary: A Course Management System
