Explore top 10 tips to secure your open-source projects now. Read More
×
Latest updates.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-b23cb4c239 2025-04-23 01:59:45.656548+00:00 -------------------------------------------------------------------------------- Name : moodle Product : Fedora 40 Version : 4.3.12 Release : 1.fc40 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. -------------------------------------------------------------------------------- Update Information: Latest updates. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 14 2025 Gwyn Ciesla - 4.3.12-1 - 4.3.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2361645 - CVE-2025-3647 moodle: IDOR when accessing the cohorts report [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361645 [ 2 ] Bug #2361648 - CVE-2025-3645 moodle: IDOR in messaging web service allows access to some user details [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361648 [ 3 ] Bug #2361651 - CVE-2025-3644 moodle: AJAX section delete does not respect course_can_delete_section() [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361651 [ 4 ] Bug #2361654 - CVE-2025-3643 moodle: Reflected XSS risk in policy tool [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361654 [ 5 ] Bug #2361657 - CVE-2025-3642 moodle: Authenticated remote code execution risk in the Moodle LMS EQUELLA repository [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361657 [ 6 ] Bug #2361660 - CVE-2025-3641 moodle: Authenticated remote code execution risk in the Moodle LMS Dropbox repository [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361660 [ 7 ] Bug #2361663 - CVE-2025-3638 moodle: CSRF risk in Brickfield tool's analysis request action [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361663 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b23cb4c239' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Latest updates.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-ccb1a36fcb 2025-04-23 01:45:48.555038+00:00 -------------------------------------------------------------------------------- Name : moodle Product : Fedora 42 Version : 4.5.4 Release : 1.fc42 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. -------------------------------------------------------------------------------- Update Information: Latest updates. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 14 2025 Gwyn Ciesla - 4.5.4-1 - 4.5.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2361647 - CVE-2025-3647 moodle: IDOR when accessing the cohorts report [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361647 [ 2 ] Bug #2361650 - CVE-2025-3645 moodle: IDOR in messaging web service allows access to some user details [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361650 [ 3 ] Bug #2361653 - CVE-2025-3644 moodle: AJAX section delete does not respect course_can_delete_section() [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361653 [ 4 ] Bug #2361656 - CVE-2025-3643 moodle: Reflected XSS risk in policy tool [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361656 [ 5 ] Bug #2361659 - CVE-2025-3642 moodle: Authenticated remote code execution risk in the Moodle LMS EQUELLA repository [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361659 [ 6 ] Bug #2361662 - CVE-2025-3641 moodle: Authenticated remote code execution risk in the Moodle LMS Dropbox repository [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361662 [ 7 ] Bug #2361665 - CVE-2025-3638 moodle: CSRF risk in Brickfield tool's analysis request action [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2361665 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ccb1a36fcb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Multiple CVE fixes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ddb5f7c0a3 2024-12-27 01:20:43.467440+00:00 -------------------------------------------------------------------------------- Name : moodle Product : Fedora 41 Version : 4.4.5 Release : 1.fc41 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. -------------------------------------------------------------------------------- Update Information: Multiple CVE fixes. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 17 2024 Gwyn Ciesla - 4.4.5-1 - 4.4.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2332796 - CVE-2024-55648 moodle: Potential denial of service risk due to guest sessions' longer timeout period [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2332796 [ 2 ] Bug #2332812 - CVE-2024-55647 moodle: Reflected XSS in question bank filter [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2332812 [ 3 ] Bug #2332814 - CVE-2024-55646 moodle: Database activity issue in separate groups mode, for users not in a group [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2332814 [ 4 ] Bug #2332824 - CVE-2024-55645 moodle: Email change confirmation token available via preference [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2332824 [ 5 ] Bug #2332826 - CVE-2024-55644 moodle: Tag index page displays other users tagged with the selected tag [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2332826 [ 6 ] Bug #2332828 - CVE-2024-55643 moodle: Unprotected access to sensitive information via learning plan webservice [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2332828 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ddb5f7c0a3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Latest updates. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-a7b0d27d18 2023-10-19 01:34:44.719121 -------------------------------------------------------------------------------- Name : moodle Product : Fedora 37 Version : 4.1.6 Release : 1.fc37 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. -------------------------------------------------------------------------------- Update Information: Latest updates -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 10 2023 Gwyn Ciesla - 4.1.6-1 - 4.1.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2244896 - CVE-2023-5539 moodle: Authenticated remote code execution risk in Lesson [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244896 [ 2 ] Bug #2244899 - CVE-2023-5540 moodle: authenticated remote code execution risk in IMSCP [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244899 [ 3 ] Bug #2244901 - CVE-2023-5541 moodle: XSS risk when using CSV grade import method [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244901 [ 4 ] Bug #2244903 - CVE-2023-5542 moodle: Students can view other users in "Only see own membership" groups [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244903 [ 5 ] Bug #2244905 - CVE-2023-5543 moodle: Duplicating a BigBlueButton activity assigns the same meeting ID [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244905 [ 6 ] Bug #2244907 - CVE-2023-5544 moodle: Stored XSS and potential IDOR risk in Wiki comments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244907 [ 7 ] Bug #2244909 - CVE-2023-5545 moodle: Auto-populated H5P author name causes a potential information leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244909 [ 8 ] Bug #2244912 - CVE-2023-5546 moodle: Stored XSS in quiz grading report via user ID number [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244912 [ 9 ] Bug #2244916 - CVE-2023-5547 moodle: XSS risk when previewing data in course upload tool [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244916 [ 10 ] Bug #2244918 - CVE-2023-5548 moodle: Cache poisoning risk with endpoint revision numbers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244918 [ 11 ] Bug #2244920 - CVE-2023-5549 moodle: Insufficient capability checks when updating the parent of a course category [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244920 [ 12 ] Bug #2244922 - CVE-2023-5550 moodle: RCE due to LFI risk in some misconfigured shared hosting environments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2244922 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-a7b0d27d18' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Fixes for multiple CVEs.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-d9c13996b2 2023-03-30 01:14:14.931163 --------------------------------------------------------------------------------Name : moodle Product : Fedora 36 Version : 3.11.13 Release : 1.fc36 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. --------------------------------------------------------------------------------Update Information: Fixes for multiple CVEs. --------------------------------------------------------------------------------ChangeLog: * Tue Mar 21 2023 Gwyn Ciesla - 3.11.13-1 - 3.11.13 --------------------------------------------------------------------------------References: [ 1 ] Bug #2180072 - CVE-2023-28329 moodle: Authenticated SQL injection via availability check [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180072 [ 2 ] Bug #2180078 - CVE-2023-28330 moodle: Authenticated arbitrary file read through malformed backup file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180078 [ 3 ] Bug #2180080 - CVE-2023-28331 moodle: XSS risk when outputting database activity filter data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180080 [ 4 ] Bug #2180082 - CVE-2023-28332 moodle: Algebra filter XSS when filter is misconfigured [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180082 [ 5 ] Bug #2180084 - CVE-2023-28333 moodle: Pix helper potential Mustache code injection risk [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180084 [ 6 ] Bug #2180092 - CVE-2023-28336 moodle: Teacher can access names of users they do not have permission to access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180092 [ 7 ] Bug #2180098 - CVE-2023-1402 moodle: Course participation report shows roles the user should not see [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2180098 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-d9c13996b2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Fixes for multiple CVEs. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-cb7084ae1c 2022-12-07 01:42:32.810680 --------------------------------------------------------------------------------Name : moodle Product : Fedora 35 Version : 3.11.11 Release : 1.fc35 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. --------------------------------------------------------------------------------Update Information: Fixes for multiple CVEs --------------------------------------------------------------------------------ChangeLog: * Mon Nov 28 2022 Gwyn Ciesla - 3.11.11-1 - 3.11.11 --------------------------------------------------------------------------------References: [ 1 ] Bug #2144705 - CVE-2021-23414 CVE-2022-45149 CVE-2022-45150 CVE-2022-45151 CVE-2022-45152 moodle: various flaws [fedora-35] https://bugzilla.redhat.com/show_bug.cgi?id=2144705 [ 2 ] Bug #2144706 - CVE-2021-23414 CVE-2022-45149 CVE-2022-45150 CVE-2022-45151 CVE-2022-45152 moodle: various flaws [fedora-36] https://bugzilla.redhat.com/show_bug.cgi?id=2144706 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-cb7084ae1c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Latest update.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-50c091d963 2022-09-21 01:21:16.550072 --------------------------------------------------------------------------------Name : moodle Product : Fedora 35 Version : 3.11.10 Release : 1.fc35 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. --------------------------------------------------------------------------------Update Information: Latest update. --------------------------------------------------------------------------------ChangeLog: * Mon Sep 12 2022 Gwyn Ciesla - 3.11.10-1 - 3.11.10 --------------------------------------------------------------------------------References: [ 1 ] Bug #2126857 - CVE-2021-36568 www-apps/moodle: XSS via crafted topic fields https://bugzilla.redhat.com/show_bug.cgi?id=2126857 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-50c091d963' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Latest update.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-1c77803b43 2022-09-21 01:11:30.390293 --------------------------------------------------------------------------------Name : moodle Product : Fedora 36 Version : 3.11.10 Release : 1.fc36 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. --------------------------------------------------------------------------------Update Information: Latest update. --------------------------------------------------------------------------------ChangeLog: * Mon Sep 12 2022 Gwyn Ciesla - 3.11.10-1 - 3.11.10 --------------------------------------------------------------------------------References: [ 1 ] Bug #2126857 - CVE-2021-36568 www-apps/moodle: XSS via crafted topic fields https://bugzilla.redhat.com/show_bug.cgi?id=2126857 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-1c77803b43' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.