Bug 747444 (CVE-2011-4300, CVE-2011-4301, CVE-2011-4302, CVE-2011-4303, CVE-2011-4304, CVE-2011-4305, CVE-2011-4306, CVE-2011-4307, CVE-2011-4308, CVE-2011-4309)
Summary: | moodle: Multiple security fixes in 2.1.2, 2.0.5, and 1.9.14 | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | gwync |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-11-18 19:51:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 747445, 747446 | ||
Bug Blocks: |
Description
Vincent Danen
2011-10-19 20:13:05 UTC
CVE assignments (http://seclists.org/oss-sec/2011/q4/296): MSA-11-0026: NO CVE Fields in user upload CSV not being escaped (need to be admin) MSA-11-0027: CVE-2011-4298 Wiki pages reference forgery issue MSA-11-0028: CVE-2011-4299 Wiki comments cross site scripting issue MSA-11-0029: CVE-2011-4300 File visibility issue MSA-11-0030: NO CVE Box.net repository integration authentication issue (hardening) MSA-11-0031: CVE-2011-4301 Forms API constant issue MSA-11-0032: CVE-2011-4302 MNET SSL validation issue MSA-11-0033: CVE-2011-4303 Site-hub registration identity issue MSA-11-0034: CVE-2011-4304 Chat module information leak MSA-11-0035: NO CVE Cookie-less session vulnerability (hardening) MSA-11-0036: CVE-2011-4305 Messaging refresh vulnerability MSA-11-0037: CVE-2011-4306 Course section editing injection vulnerability MSA-11-0038: NO CVE Database injection protection strengthened (hardening) MSA-11-0039: CVE-2011-4307 Wiki section vulnerability MSA-11-0040: CVE-2011-4308 Potential personal information leak MSA-11-0041: CVE-2011-4309 Global search authentication issue Current Fedora 14/15 have 1.9.14. Current Fedora 16 has 2.0.5. Current rawhide and EPEL6 have 2.1.2. |