A security flaw was found in the way Moodle, a course management system, performed notes editation (it was possible to assign a note to a different user during note editation). A remote attacker (valid Moodle user) could use this flaw to in an unauthorized way alter edit notes form content, leading to their ability to assign note to selected user. References: [1] http://www.openwall.com/lists/oss-security/2013/03/25/2 Relevant upstream patch: [2] http://git.moodle.org/gw?p=moodle.git;a=commit;h=6a9235c998dab2ec0ddc49898a59dd5089156cb0
This issue affects the versions of the moodle package, as shipped with Fedora release of 18, 17, Fedora EPEL-6 and Fedora EPEL-5. Please schedule an update.
Created moodle tracking bugs for this issue Affects: fedora-18 [bug 927264]
Created moodle tracking bugs for this issue Affects: fedora-17 [bug 927267]
Created moodle tracking bugs for this issue Affects: epel-6 [bug 927273]
Created moodle tracking bugs for this issue Affects: epel-5 [bug 927280]