Bug 878121 (CVE-2012-5471, CVE-2012-5472, CVE-2012-5473, CVE-2012-5479, CVE-2012-5480, CVE-2012-5481)
Summary: | moodle: Various security issues fixed in upstream 2.3.3, 2.2.6 and 2.1.9 versions (MSA-12-0057, MSA-12-0058, MSA-12-0059, MSA-12-0060, MSA-12-0061, MSA-12-0062, MSA-12-0063) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | gwync |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Moodle 2.3.3, Moodle 2.2.6, Moodle 2.1.9 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-01-21 20:53:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 878132, 878133 | ||
Bug Blocks: |
Description
Jan Lieskovsky
2012-11-19 17:17:00 UTC
The table of affected moodle package versions (based on review of provided upstream patches if they would be applicable) as shipped with Fedora release of 16, 17, Fedora EPEL 6, and Fedora EPEL 5 is as follows: [Legend: A = Affected, NA = Not Affected] | F-17 | F-16/EPEL-6 | EPEL-5 | -------------------------------------------------- | CVE-2012-5471 | A | A | NA | | CVE-2012-5472 | A | A | A | | CVE-2012-5473 | A | A | A | | CVE-2012-5475 | A[*]| A[*] | A[*] | | CVE-2012-5479 | A | A | A | | CVE-2012-5480 | A | A | A | | CVE-2012-5481 | A | A | NA | -------------------------------------------------- [*] Based on: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5475 the CVE-2012-5475 identifier has been rejected (in favour of CVE-2012-5881, CVE-2012-5882, CVE-2012-5883) => that being the reason CVE-2012-5475 not used in alias field of this bug. Created moodle tracking bugs for this issue Affects: fedora-all [bug 878132] Affects: epel-all [bug 878133] |