U paketu Moodle uočeno je nekoliko sigurnosnih nedostataka koji se mogu iskoristiti udaljeno za zaobilaženje ograničenja, otkrivanje osjetljivih podataka ili izvođenje DoS napada.
Najveći broj nedostataka povezan je s nepravilnim postupkom prijave te nesigurnim rukovanjem korisničkim lozinkama i osobnim podacima.
Posljedica:
Udaljeni napadači mogu iskoristiti nedostatke kako bi zaobišli postupak prijave, otkrili osjetljive korisničke informacije ili izveli napad uskraćivanjem usluge (DoS).
Rješenje:
Dostupna je nadogradnja koja otklanja sve otkrivene nedostatke pa se stoga savjetuje njena primjena.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-16903
2011-12-10 18:48:50
--------------------------------------------------------------------------------
Name : moodle
Product : Fedora 15
Version : 1.9.15
Release : 1.fc15
URL : http://moodle.org/
Summary : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.
--------------------------------------------------------------------------------
Update Information:
CVE-2011-4581 CVE-2011-4582 CVE-2011-4583 CVE-2011-4584 CVE-2011-4585
CVE-2011-4586 CVE-2011-4587 CVE-2011-4588 CVE-2011-4589 CVE-2011-4590
CVE-2011-4591 CVE-2011-4592 CVE-2011-4593
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 9 2011 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.9.15-1
- New upstream, security fixes, 761249.
* Fri Oct 21 2011 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.9.14-1
- New upstream, security fixes, 747445.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #761249 - moodle: multiple security fixes in 2.1.3, 2.0.6, and
1.9.15 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=761249
[ 2 ] Bug #761250 - moodle: multiple security fixes in 2.1.3, 2.0.6, and
1.9.15 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=761250
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update moodle' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-16833
2011-12-10 18:43:32
--------------------------------------------------------------------------------
Name : moodle
Product : Fedora 16
Version : 2.0.6
Release : 1.fc16
URL : http://moodle.org/
Summary : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.
--------------------------------------------------------------------------------
Update Information:
CVE-2011-4581 CVE-2011-4582 CVE-2011-4583 CVE-2011-4584 CVE-2011-4585
CVE-2011-4586 CVE-2011-4587 CVE-2011-4588 CVE-2011-4589 CVE-2011-4590
CVE-2011-4591 CVE-2011-4592 CVE-2011-4593
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 9 2011 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.0.6-1
- New upstream, BZ 761249.
* Fri Oct 21 2011 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.0.5-1
- New upstream, BZ 747445.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #761249 - moodle: multiple security fixes in 2.1.3, 2.0.6, and
1.9.15 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=761249
[ 2 ] Bug #761250 - moodle: multiple security fixes in 2.1.3, 2.0.6, and
1.9.15 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=761250
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update moodle' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke