This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 824477 - (CVE-2012-2353, CVE-2012-2354, CVE-2012-2355, CVE-2012-2356, CVE-2012-2357, CVE-2012-2358, CVE-2012-2359, CVE-2012-2360, CVE-2012-2361, CVE-2012-2362, CVE-2012-2363, CVE-2012-2364, CVE-2012-2365, CVE-2012-2366, CVE-2012-2367) CVE-2012-2353 moodle: Upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 fixes
CVE-2012-2353 moodle: Upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 fixes
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 824481 824482
  Show dependency treegraph
Reported: 2012-05-23 10:52 EDT by Jan Lieskovsky
Modified: 2015-08-22 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-08-22 11:37:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2012-05-23 10:52:41 EDT
Moodle upstream has released upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 versions:

correcting multiple security flaws (each of the releases different subset):

Summarizing post for the flaws (including relevant upstream patches
for each of them):
Comment 1 Jan Lieskovsky 2012-05-23 10:56:47 EDT
The (shortened detail) list of security fixes:

CVE-2012-2353 MSA-12-0024: Hidden information access issue
CVE-2012-2354 MSA-12-0025: Personal communication access issue
CVE-2012-2355 MSA-12-0026: Quiz capability issue
CVE-2012-2356 MSA-12-0027: Question bank capability issues
CVE-2012-2357 MSA-12-0028: Insecure authentication issue
CVE-2012-2358 MSA-12-0029: Information editing access issue
CVE-2012-2359 MSA-12-0030: Capability manipulation issue
CVE-2012-2360 MSA-12-0031: Cross-site scripting vulnerability in Wiki
CVE-2012-2361 MSA-12-0032: Cross-site scripting vulnerability in Web services
CVE-2012-2362 MSA-12-0033: Cross-site scripting vulnerability in Blog
CVE-2012-2363 MSA-12-0034: Potential SQL injection issue
CVE-2012-2364 MSA-12-0035: Cross-site scripting vulnerability in "download all"
CVE-2012-2365 MSA-12-0036: Cross-site scripting vulnerability in category identifier
CVE-2012-2366 MSA-12-0037: Write access issue in Database activity module
CVE-2012-2367 MSA-12-0038: Calendar event write permission issue
Comment 2 Jan Lieskovsky 2012-05-23 10:58:29 EDT
Created moodle tracking bugs for this issue

Affects: fedora-all [bug 824481]
Affects: epel-all [bug 824482]

Note You need to log in before you can comment on or make changes to this bug.