Security Information / 2011 / Security Information -- DSA-2172-1 moodle

Debian Security Advisory

DSA-2172-1 moodle -- several vulnerabilities

Date Reported:

22 Feb 2011

Affected Packages:

moodle

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2010-2795, CVE-2010-2796, CVE-2010-3690, CVE-2010-3691, CVE-2010-3692.

More information:

Several vulnerabilties have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS.

For the oldstable distribution (lenny), this problem has been fixed in version 1.8.13-3.

The stable distribution (squeeze) already contains a fixed version of phpCAS.

The unstable distribution (sid) already contains a fixed version of phpCAS.

We recommend that you upgrade your moodle packages.