Fedora 36: moodle 2023-d9c13996b2 | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-d9c13996b2
2023-03-30 01:14:14.931163
--------------------------------------------------------------------------------

Name        : moodle
Product     : Fedora 36
Version     : 3.11.13
Release     : 1.fc36
URL         : https://moodle.org/
Summary     : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.

--------------------------------------------------------------------------------
Update Information:

Fixes for multiple CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 21 2023 Gwyn Ciesla  - 3.11.13-1
- 3.11.13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2180072 - CVE-2023-28329 moodle: Authenticated SQL injection via availability check [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2180072
  [ 2 ] Bug #2180078 - CVE-2023-28330 moodle: Authenticated arbitrary file read through malformed backup file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2180078
  [ 3 ] Bug #2180080 - CVE-2023-28331 moodle: XSS risk when outputting database activity filter data [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2180080
  [ 4 ] Bug #2180082 - CVE-2023-28332 moodle: Algebra filter XSS when filter is misconfigured [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2180082
  [ 5 ] Bug #2180084 - CVE-2023-28333 moodle: Pix helper potential Mustache code injection risk [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2180084
  [ 6 ] Bug #2180092 - CVE-2023-28336 moodle: Teacher can access names of users they do not have permission to access [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2180092
  [ 7 ] Bug #2180098 - CVE-2023-1402 moodle: Course participation report shows roles the user should not see [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2180098
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-d9c13996b2' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 36: moodle 2023-d9c13996b2

March 30, 2023
Fixes for multiple CVEs.

Summary

Moodle is a course management system (CMS) - a free, Open Source software

package designed using sound pedagogical principles, to help educators create

effective online learning communities.

Update Information:

Fixes for multiple CVEs.

Change Log

* Tue Mar 21 2023 Gwyn Ciesla - 3.11.13-1 - 3.11.13

References

[ 1 ] Bug #2180072 - CVE-2023-28329 moodle: Authenticated SQL injection via availability check [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180072 [ 2 ] Bug #2180078 - CVE-2023-28330 moodle: Authenticated arbitrary file read through malformed backup file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180078 [ 3 ] Bug #2180080 - CVE-2023-28331 moodle: XSS risk when outputting database activity filter data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180080 [ 4 ] Bug #2180082 - CVE-2023-28332 moodle: Algebra filter XSS when filter is misconfigured [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180082 [ 5 ] Bug #2180084 - CVE-2023-28333 moodle: Pix helper potential Mustache code injection risk [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180084 [ 6 ] Bug #2180092 - CVE-2023-28336 moodle: Teacher can access names of users they do not have permission to access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180092 [ 7 ] Bug #2180098 - CVE-2023-1402 moodle: Course participation report shows roles the user should not see [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180098

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-d9c13996b2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : moodle
Product : Fedora 36
Version : 3.11.13
Release : 1.fc36
URL : https://moodle.org/
Summary : A Course Management System

Related News

Parrot OS 5.2 Tightens Security, Better TOR Bridges Support

Tails 5.9 Fixes Numerous Bugs and Enhances Security Measures

Modern Intel Processors Will Now Run Better Under Linux

KDE Kicks Off August With More Desktop Bug Fixes

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy