Bug 824477 - (CVE-2012-2353, CVE-2012-2354, CVE-2012-2355, CVE-2012-2356, CVE-2012-2357, CVE-2012-2358, CVE-2012-2359, CVE-2012-2360, CVE-2012-2361, CVE-2012-2362, CVE-2012-2363, CVE-2012-2364, CVE-2012-2365, CVE-2012-2366, CVE-2012-2367) CVE-2012-2353 moodle: Upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 fixes
CVE-2012-2353 moodle: Upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 fixes
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120523,repor...
: Security
Depends On: 824481 824482
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-23 10:52 EDT by Jan Lieskovsky
Modified: 2015-08-22 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-22 11:37:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2012-05-23 10:52:41 EDT
Moodle upstream has released upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 versions:
[1] http://docs.moodle.org/dev/Moodle_2.2.3_release_notes
[2] http://docs.moodle.org/dev/Moodle_2.1.6_release_notes
[3] http://docs.moodle.org/dev/Moodle_2.0.9_release_notes
[4] http://docs.moodle.org/dev/Moodle_1.9.18_release_notes

correcting multiple security flaws (each of the releases different subset):

Summarizing post for the flaws (including relevant upstream patches
for each of them):
[5] http://www.openwall.com/lists/oss-security/2012/05/23/2
Comment 1 Jan Lieskovsky 2012-05-23 10:56:47 EDT
The (shortened detail) list of security fixes:
==============================================

CVE-2012-2353 MSA-12-0024: Hidden information access issue
CVE-2012-2354 MSA-12-0025: Personal communication access issue
CVE-2012-2355 MSA-12-0026: Quiz capability issue
CVE-2012-2356 MSA-12-0027: Question bank capability issues
CVE-2012-2357 MSA-12-0028: Insecure authentication issue
CVE-2012-2358 MSA-12-0029: Information editing access issue
CVE-2012-2359 MSA-12-0030: Capability manipulation issue
CVE-2012-2360 MSA-12-0031: Cross-site scripting vulnerability in Wiki
CVE-2012-2361 MSA-12-0032: Cross-site scripting vulnerability in Web services
CVE-2012-2362 MSA-12-0033: Cross-site scripting vulnerability in Blog
CVE-2012-2363 MSA-12-0034: Potential SQL injection issue
CVE-2012-2364 MSA-12-0035: Cross-site scripting vulnerability in "download all"
CVE-2012-2365 MSA-12-0036: Cross-site scripting vulnerability in category identifier
CVE-2012-2366 MSA-12-0037: Write access issue in Database activity module
CVE-2012-2367 MSA-12-0038: Calendar event write permission issue
Comment 2 Jan Lieskovsky 2012-05-23 10:58:29 EDT
Created moodle tracking bugs for this issue

Affects: fedora-all [bug 824481]
Affects: epel-all [bug 824482]

Note You need to log in before you can comment on or make changes to this bug.