eSikker.dk

Vulnerability Detail View
id 43123
Risk other
Family Fedora Local Security Checks
Category infos
Name Fedora 11 2009-13080: moodle
Summary Check for the version of the moodle package
Description Synopsis :

The remote host is missing the patch for the advisory FEDORA-2009-13080 (moodle)

Description :

Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.

Update Information:

Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing
multiple security issues.

The list for 1.9.7 release:

Security issues
* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data, new checks in the security overview report help admins identify dangerous backup permissions
* MSA-09-0029 - A strong password policy is now enabled by default, enabling password salt is encouraged in config.php, admins are forced to change password after the upgrade and admins can force password change on other users via Bulk user actions
* MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won't serve Flash to insecure plugins
* MSA-09-0031 - Fixed SQL injection in SCORM module

The list for 1.8.11 release:

Security issues
* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups, new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo for controlling who can backup/restore user data
* MSA-09-0029 - Enabling a password salt is encouraged in config.php and admins are forced to change password after the upgrade
* MSA-09-0031 - Fixed SQL injection in SCORM module

References:
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes

CVE Request:
http://www.openwall.com/lists/oss-security/2009/12/06/1

Solution :

Get the newest Fedora Updates

Risk factor :

High
CVE NOCVE
Bugtraq NOBID
Copyright (C) 2009 Tenable Network Security, Inc.