Bug 646660 (CVE-2010-4207, CVE-2010-4208, CVE-2010-4209)
| Summary: | CVE-2010-4207 CVE-2010-4208 CVE-2010-4209 moodle: multiple vulnerabilities in embedded YUI (MSA-10-0017) | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | gwync |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-11-18 19:56:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 646661 | | |
| Bug Blocks: | | | |

Description
Vincent Danen
2010-10-25 21:15:02 UTC
Created moodle tracking bugs for this issue

Affects: fedora-all [bug 646661]

This has been assigned the name CVE-2010-3866.

CVE-2010-3866 was rejected in favour of CVE-2010-4207, CVE-2010-4208, and CVE-2010-4209 as there are three issues here:

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4207 to the following vulnerability:

Name: CVE-2010-4207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4207
Assigned: 20101107
Reference: CONFIRM: http://moodle.org/mod/forum/discuss.php?d=160910
Reference: CONFIRM: http://www.bugzilla.org/security/3.2.8/
Reference: CONFIRM: http://yuilibrary.com/support/2.8.2/
Reference: SECUNIA:41955
Reference: URL: http://secunia.com/advisories/41955
Reference: VUPEN:ADV-2010-2878
Reference: URL: http://www.vupen.com/english/advisories/2010/2878

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4208 to the following vulnerability:

Name: CVE-2010-4208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4208
Assigned: 20101107
Reference: CONFIRM: http://moodle.org/mod/forum/discuss.php?d=160910
Reference: CONFIRM: http://www.bugzilla.org/security/3.2.8/
Reference: CONFIRM: http://yuilibrary.com/support/2.8.2/
Reference: SECUNIA:41955
Reference: URL: http://secunia.com/advisories/41955
Reference: VUPEN:ADV-2010-2878
Reference: URL: http://www.vupen.com/english/advisories/2010/2878

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.

Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4209 to the following vulnerability:

Name: CVE-2010-4209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4209
Assigned: 20101107
Reference: CONFIRM: http://www.bugzilla.org/security/3.2.8/
Reference: CONFIRM: http://yuilibrary.com/support/2.8.2/
Reference: SECUNIA:41955
Reference: URL: http://secunia.com/advisories/41955
Reference: VUPEN:ADV-2010-2878
Reference: URL: http://www.vupen.com/english/advisories/2010/2878

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.

Current Fedora 14/15 have 1.9.14.
Current Fedora 16 has 2.0.5.
Current rawhide and EPEL6 have 2.1.2.
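
A check for the three Flash assets named in the CVE entries above, added here as an example (not code from this bug report, Moodle or YUI): it walks a web root, finds the listed .swf files and compares the bundled YUI version against each stated range. It assumes the YUI version appears as a directory name in the path; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# (asset path, first affected, last affected), as stated in the CVE text above.
AFFECTED = {
    "CVE-2010-4207": ("charts/assets/charts.swf", (2, 4, 0), (2, 8, 1)),
    "CVE-2010-4208": ("uploader/assets/uploader.swf", (2, 5, 0), (2, 8, 1)),
    "CVE-2010-4209": ("swfstore/swfstore.swf", (2, 8, 0), (2, 8, 1)),
}


def yui_version(rel_path):
    """Assumption: the YUI version is a directory name, e.g. yui/2.8.1/build."""
    for part in reversed(rel_path.split("/")[:-1]):
        match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", part)
        if match:
            return tuple(int(n) for n in match.groups())
    return None  # unversioned copy: cannot be cleared automatically


def scan(root):
    """Return sorted (cve, relative path, status) for each listed asset found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            version = yui_version(rel)
            for cve, (asset, first, last) in AFFECTED.items():
                if ("/" + rel).endswith("/" + asset):
                    status = "review" if version is None else (
                        "affected" if first <= version <= last else "outside-range")
                    findings.append((cve, rel, status))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree (hypothetical layout, empty placeholder files)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("lib/yui/2.8.1/build/charts/assets/charts.swf",
                    "lib/yui/2.8.2/build/uploader/assets/uploader.swf",
                    "lib/yui/build/swfstore/swfstore.swf"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        return scan(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Copies whose path carries no version directory are reported as `review` rather than cleared, since the range comparison cannot be made for them.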