Moodle upstream has released versions 2.3.1, 2.2.4, 2.1.7, 2.0.10, and 1.9.19 to fix the following security flaws:

CVE-2012-3387 Moodle: MSA-12-0039: File upload validation issue
CVE-2012-3388 Moodle: MSA-12-0040: Capabilities issue through caching
CVE-2012-3389 Moodle: MSA-12-0041: XSS issue in LTI module
CVE-2012-3390 Moodle: MSA-12-0042: File access issue in blocks
CVE-2012-3391 Moodle: MSA-12-0043: Early information access issue in forum
CVE-2012-3392 Moodle: MSA-12-0044: Capability check issue in forum subscriptions
CVE-2012-3393 Moodle: MSA-12-0045: Injection potential in admin for repositories
CVE-2012-3394 Moodle: MSA-12-0046: Insecure protocol redirection in LDAP authentication
CVE-2012-3395 Moodle: MSA-12-0047: SQL injection potential in Feedback module
CVE-2012-3396 Moodle: MSA-12-0048: Possible XSS in cohort administration
CVE-2012-3397 Moodle: MSA-12-0049: Group restricted activity displayed to all users
CVE-2012-3398 Moodle: MSA-12-0050: Potential DOS attack through database activity

The above is summarized, including affected releases for each flaw, and links to the fixes in git:
http://www.openwall.com/lists/oss-security/2012/07/17/1

Upstream release announcements:
http://docs.moodle.org/dev/Moodle_1.9.19_release_notes
http://docs.moodle.org/dev/Moodle_2.0.10_release_notes
http://docs.moodle.org/dev/Moodle_2.1.7_release_notes
http://docs.moodle.org/dev/Moodle_2.2.4_release_notes
http://docs.moodle.org/dev/Moodle_2.3.1_release_notes

Created moodle tracking bugs for this issue

Affects: fedora-all [bug 841954]
Affects: epel-all [bug 824482]