Bug 824477 (CVE-2012-2353, CVE-2012-2354, CVE-2012-2355, CVE-2012-2356, CVE-2012-2357, CVE-2012-2358, CVE-2012-2359, CVE-2012-2360, CVE-2012-2361, CVE-2012-2362, CVE-2012-2363, CVE-2012-2364, CVE-2012-2365, CVE-2012-2366, CVE-2012-2367) - CVE-2012-2353 moodle: Upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 fixes
Summary: CVE-2012-2353 moodle: Upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 fixes
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-2353, CVE-2012-2354, CVE-2012-2355, CVE-2012-2356, CVE-2012-2357, CVE-2012-2358, CVE-2012-2359, CVE-2012-2360, CVE-2012-2361, CVE-2012-2362, CVE-2012-2363, CVE-2012-2364, CVE-2012-2365, CVE-2012-2366, CVE-2012-2367
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 824481 824482
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-05-23 14:52 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:53 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-22 15:37:22 UTC
Embargoed:


Attachments (Terms of Use)

Description Jan Lieskovsky 2012-05-23 14:52:41 UTC
Moodle upstream has released upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 versions:
[1] http://docs.moodle.org/dev/Moodle_2.2.3_release_notes
[2] http://docs.moodle.org/dev/Moodle_2.1.6_release_notes
[3] http://docs.moodle.org/dev/Moodle_2.0.9_release_notes
[4] http://docs.moodle.org/dev/Moodle_1.9.18_release_notes

correcting multiple security flaws (each of the releases different subset):

Summarizing post for the flaws (including relevant upstream patches
for each of them):
[5] http://www.openwall.com/lists/oss-security/2012/05/23/2

Comment 1 Jan Lieskovsky 2012-05-23 14:56:47 UTC
The (shortened detail) list of security fixes:
==============================================

CVE-2012-2353 MSA-12-0024: Hidden information access issue
CVE-2012-2354 MSA-12-0025: Personal communication access issue
CVE-2012-2355 MSA-12-0026: Quiz capability issue
CVE-2012-2356 MSA-12-0027: Question bank capability issues
CVE-2012-2357 MSA-12-0028: Insecure authentication issue
CVE-2012-2358 MSA-12-0029: Information editing access issue
CVE-2012-2359 MSA-12-0030: Capability manipulation issue
CVE-2012-2360 MSA-12-0031: Cross-site scripting vulnerability in Wiki
CVE-2012-2361 MSA-12-0032: Cross-site scripting vulnerability in Web services
CVE-2012-2362 MSA-12-0033: Cross-site scripting vulnerability in Blog
CVE-2012-2363 MSA-12-0034: Potential SQL injection issue
CVE-2012-2364 MSA-12-0035: Cross-site scripting vulnerability in "download all"
CVE-2012-2365 MSA-12-0036: Cross-site scripting vulnerability in category identifier
CVE-2012-2366 MSA-12-0037: Write access issue in Database activity module
CVE-2012-2367 MSA-12-0038: Calendar event write permission issue

Comment 2 Jan Lieskovsky 2012-05-23 14:58:29 UTC
Created moodle tracking bugs for this issue

Affects: fedora-all [bug 824481]
Affects: epel-all [bug 824482]


Note You need to log in before you can comment on or make changes to this bug.