Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws:

CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment
CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile
CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment
CVE-2014-0216 MSA-14-0017: File access issue in HTML block
CVE-2014-0217 MSA-14-0018: Information leak in courses
CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository

For a full summary and patch links, refer to the following:
http://seclists.org/oss-sec/2014/q2/329

Created moodle tracking bugs for this issue:

Affects: fedora-all [bug 1099765]
Affects: epel-all [bug 1099766]