First published: Wed Oct 19 2011
A number of flaws have been fixed in new upstream Moodle 2.1.2, 2.0.5, and 1.9.14. These do not have CVEs assigned (request pending), and since Fedora/EPEL will rebase to the latest versions of each branch, I'm summarizing them all here rather than creating 16 separate bugs:

- MSA-11-0041: Global search authentication issue
  - Affects: 2.1.x, 2.0.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188323
- MSA-11-0040: Potential personal information leak
  - Affects: 2.1.x, 2.0.x, 1.9.x
  - Fix: http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188322
- MSA-11-0039: Wiki section vulnerability
  - Affects: 2.1.x, 2.0.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=41017112cff7f5bd7969c72d321320f3090e7c68
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188321
- MSA-11-0038: Database injection protection strengthened
  - Affects: 1.9.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188320
- MSA-11-0037: Course section editing injection vulnerability
  - Affects: 1.9.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188319
- MSA-11-0036: Messaging refresh vulnerability
  - Affects: 1.9.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=97f258fabb3ebfa7acc7c02cb59de92b01710f99
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188318
- MSA-11-0035: Cookie-less session vulnerability
  - Affects: 2.1.x, 2.0.x, (1.9.x if misconfigured)
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=e1e082a809b9a2d3a408cb4d6faa34fdfcf3165c
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188317
- MSA-11-0034: Chat module information leak
  - Affects: 2.1.x, 2.0.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=d0157d827bc254ba386a5e5b41b13be2698ee76e
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188316
- MSA-11-0033: Site-hub registration identity issue
  - Affects: 2.1.x, 2.0.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=ca896fdfcfcc87846fa91a297d0aa6999a68c48a
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188315
- MSA-11-0032: MNET SSL validation issue
  - Affects: 2.1.x, 2.0.x, 1.9.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=54941685e3e86ec085641dcb7ebb1f96f06735b2
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188314
- MSA-11-0031: Forms API constant issue
  - Affects: 2.1.x, 2.0.x, 1.9.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188313
- MSA-11-0030: Box.net repository integration authentication issue
  - Affects: 2.1.x, 2.0.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=3deff6c9d2bb4ab3144b3ca7b93d6a2ef6a87af2
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188312
- MSA-11-0029: File visibility issue
  - Affects: 2.1.x, 2.0.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188311
- MSA-11-0028: Wiki comments XSS issue
  - Affects: 2.1.x, 2.0.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=a459fd90625ae44d7b3ac10b65da2dc631a418e7
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188310
- MSA-11-0027: Wiki pages reference forgery issue
  - Affects: 2.1.x, 2.0.x
  - Fix: http://git.moodle.org/gw?p=moodle.git;a=commit;h=48346fb11f8ced06a05c0618b02a3a925b34ec59
  - Reference: http://moodle.org/mod/forum/discuss.php?d=188309
- MSA-11-0026: Fields in user upload CSV not being escaped
  - Affects: 1.9.x
  - Reference: http://moodle.org/mod/forum/discuss.php?d=182743
Credit: secalert@redhat.com

Affected Software | Affected Version | How to fix |
---|---|---|
composer/moodle/moodle | >=2.0.0<2.0.5 | 2.0.5 |
composer/moodle/moodle | >=2.1<2.1.2 | 2.1.2 |
Moodle Moodle | =2.0.2 | |
Moodle Moodle | =2.0.1 | |
Moodle Moodle | =2.0.4 | |
Moodle Moodle | =2.0.3 | |
Moodle Moodle | =2.1.1 | |
Moodle Moodle | =2.0.0 | |
Moodle Moodle | =2.1.0 | |