Debian Security Advisory
DSA-2338-1 moodle -- several vulnerabilities
- Date Reported: 07 Nov 2011
- Affected Packages: moodle
- Vulnerable: Yes
- Security database references: No other external database security references currently available.
- More information:
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:
- MSA-11-0020: Continue links in error messages can lead offsite
- MSA-11-0024: reCAPTCHA images were being authenticated from an older server
- MSA-11-0025: Group names in user upload CSV not escaped
- MSA-11-0026: Fields in user upload CSV not escaped
- MSA-11-0031: Forms API constant issue
- MSA-11-0032: MNET SSL validation issue
- MSA-11-0036: Messaging refresh vulnerability
- MSA-11-0037: Course section editing injection vulnerability
- MSA-11-0038: Database injection protection strengthened
For the stable distribution (squeeze), these problems have been fixed in version 1.9.9.dfsg2-2.1+squeeze2.
For the unstable distribution (sid), these problems have been fixed in version 1.9.9.dfsg2-4.
We recommend that you upgrade your moodle packages.