http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6625 Reported against 1.6.1 but an upstream patch which I suppose fixes this is not applied in 1.6.3: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?r1=1.65.2.9&r2=1.65.2.10 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6626 Reported against 1.5, too little information available at the moment to say whether this is an issue with 1.6.3. All FC4+ distro releases are equally affected (or not).
The patch that fixes CVE-2006-6625 is present in 1.6.5, which is being released for FC 5 and FC 6, and it is also present in 1.8.0, which is being released for FC 7. CVE-2006-6626 was also patched in some release prior to those two, so both are fixed in the next release.