Debian Security Advisory
DSA-2338-1 moodle -- several vulnerabilities
- Date Reported: 07 Nov 2011
- Affected Packages:
- Security database references: No other external database security references currently available.
- More information:
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:
- Continue links in error messages can lead offsite
- reCAPTCHA images were being authenticated from an older server
- Group names in user upload CSV not escaped
- Fields in user upload CSV not escaped
- Forms API constant issue
- MNET SSL validation issue
- Messaging refresh vulnerability
- Course section editing injection vulnerability
- Database injection protection strengthened
For the stable distribution (squeeze), these problems have been fixed in version 1.9.9.dfsg2-2.1+squeeze2.
For the unstable distribution (sid), these problems have been fixed in version 1.9.9.dfsg2-4.
We recommend that you upgrade your moodle packages.