Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Warning: Undefined array key "Description" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 220

Fedora 33: FEDORA-2020-304aa2c365 Moderate: Moodle Update Issues

fedora
Calendar Grey November 27, 2020
Dist Fedora Esm H88
Patch addressing several vulnerabilities in Moodle for Fedora 33, tackling both privilege escalation and associated security concerns.
Fix for multiple CVEs

Summary

Moodle is a course management system (CMS) - a free, Open Source software

package designed using sound pedagogical principles, to help educators create

effective online learning communities.

Fix for multiple CVEs

* Thu Nov 19 2020 Gwyn Ciesla - 3.9.3-1

- 3.9.3

[ 1 ] Bug #1899533 - CVE-2020-25698 moodle: Teacher is able to unenrol users without permission using course restore [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1899533

[ 2 ] Bug #1899537 - CVE-2020-25699 moodle: Privilege escalation within a course when restoring role overrides [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1899537

[ 3 ] Bug #1899539 - CVE-2020-25700 moodle: Some database module web services did not respect group settings [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1899539

[ 4 ] Bug #1899542 - CVE-2020-25701 moodle: tool_uploadcourse creates new enrol instances unexpectedly in some circumstances [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1899542

[ 5 ] Bug #1899544 - CVE-2020-25702 moodle: Stored XSS possible when renaming content bank items [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1899544

[ 6 ] Bug #1899546 - CVE-2020-25703 moodle: The participants table download feature did not respect the site's "show user identity" configuration [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1899546

su -c 'dnf upgrade --advisory FEDORA-2020-304aa2c365' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora XSS privilege escalation update information moodle course management

Change Log

References

Update Instructions

Product: Fedora 33
Version: 3.9.3
Release: 1.fc33
URL: https://moodle.org/
Summary: A Course Management System

Topics%20covered

Topics Covered

security advisory Fedora XSS privilege escalation update information moodle course management

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here