A security flaw was found in the way the Moodle course management system performed the permission check on the course reset page (the course reset link was protected by the correct permission, but the reset page itself was being checked for a different permission). A remote attacker could use this flaw to reset a particular course in an unauthorized way.
Upstream patch:
[1] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34519
References:
[2] http://www.openwall.com/lists/oss-security/2012/09/17/1
This issue affects the versions of the moodle package as shipped with Fedora releases 16 and 17. Please schedule an update. -- This issue affects the versions of the moodle package as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update.
Update in progress, not linked to any BZ, none assigned to me.
Created moodle tracking bugs for this issue Affects: fedora-17 [bug 857981]
Created moodle tracking bugs for this issue Affects: fedora-16 [bug 857983]
Created moodle tracking bugs for this issue Affects: epel-6 [bug 857984]
Created moodle tracking bugs for this issue Affects: epel-5 [bug 857986]