Security: Two problems in Moodle
Name: Two problems in Moodle
ID: FEDORA-2013-21354
Distribution: Fedora
Platforms: Fedora 18
Date: Sun, 24 November 2013, 11:06
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6780
Applications: Moodle

Original message
Name        : moodle
Product     : Fedora 18
Version     : 2.3.10
Release     : 1.fc18
URL         : http://moodle.org/
Summary     : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities.

--------------------------------------------------------------------------------
Update Information:

Latest upstreams, multiple security fixes.
Name: CVE-2013-6780
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6780
Assigned: 20131112
Reference: https://yuilibrary.com/support/20131111-vulnerability/
Cross-site scripting (XSS) vulnerability in uploader.swf in the
Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote
attackers to inject arbitrary web script or HTML via the allowedDomain
parameter.
Name: CVE-2013-3630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630
Assigned: 20130521
Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 14 2013 Jon Ciesla <limburgher@gmail.com> - 2.3.10-1
- 2.3.10, BZ 1025655,6, 1030084,5.
* Wed Sep 11 2013 Jon Ciesla <limburgher@gmail.com> - 2.3.9-1
- 2.3.9, multiple security fixes, BZ 1006678.
- CVE-2012-6087 patch upstreamed.
* Fri Jul 12 2013 Jon Ciesla <limburgher@gmail.com> - 2.3.8-2
- Include two non-upstream additions to HTML-Quickform.
* Fri Jul 12 2013 Jon Ciesla <limburgher@gmail.com> - 2.3.8-1
- 2.3.8.
* Mon May 20 2013 Jon Ciesla <limburgher@gmail.com> - 2.3.7-1
- Latest upstream, patch for multiple CVEs
* Mon Mar 25 2013 Jon Ciesla <limburgher@gmail.com> - 2.3.6-1
- Latest upstream, patch for multiple CVEs
* Tue Jan 15 2013 Jon Ciesla <limburgher@gmail.com> - 2.3.4-1
- Latest upstream, patch for CVE-2012-6087.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1025655 - CVE-2013-3630 moodle: authenticated remote command execution [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1025655
  [ 2 ] Bug #1025656 - CVE-2013-3630 moodle: authenticated remote command execution [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1025656
  [ 3 ] Bug #1030084 - CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [epel-5]
        https://bugzilla.redhat.com/show_bug.cgi?id=1030084
  [ 4 ] Bug #1030085 - CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [fedora-18]
        https://bugzilla.redhat.com/show_bug.cgi?id=1030085

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update moodle' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce