Fedora Update Notification
2021-03-23 01:31:48.604577

Name        : moodle
Product     : Fedora 33
Version     : 3.9.5
Release     : 1.fc33
URL         : https://moodle.org/
Summary     : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.

Update Information:

Fixes for multiple CVEs

* Mon Mar 15 2021 Gwyn Ciesla  - 3.9.5-1
- 3.9.5

  [ 1 ] Bug #1939035 - CVE-2021-20279 moodle: Stored XSS via ID number user profile field [fedora-all]
  [ 2 ] Bug #1939039 - CVE-2021-20280 moodle: Stored XSS and blind SSRF possible via feedback answer text [fedora-all]
  [ 3 ] Bug #1939047 - CVE-2021-20281 moodle: User full name disclosure within online users block [fedora-all]
  [ 4 ] Bug #1939049 - CVE-2021-20282 moodle: Bypass email verification secret when confirming account registration [fedora-all]
  [ 5 ] Bug #1939053 - CVE-2021-20283 moodle: Fetching a user's enrolled courses via web services did not check profile access in each course [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-431b232659' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure