A security flaw was found in the way Moodle, a course management system, protected access to the site-wide WebDav repositories. A remote attacker (valid Moodle user) could use this flaw to in an unauthorized way to alter (view, edit, and delete) content of the site-wide WebDav repositories. References: [1] http://www.openwall.com/lists/oss-security/2013/03/25/2 Relevant upstream patches: [2] http://git.moodle.org/gw?p=moodle.git;a=commit;h=ac5fc5953426befb1232106ade9e42ff239d9b63 [3] http://git.moodle.org/gw?p=moodle.git;a=commit;h=bd6581935d5e4f3138b7e1029fe17af4e306db60 [4] http://git.moodle.org/gw?p=moodle.git;a=commit;h=da9d3a1205377c027d7b476903bdbd520dd240d0 [5] http://git.moodle.org/gw?p=moodle.git;a=commit;h=89a9d21a15ec8bca9873f102375a6071258bc1e6
This issue affects the versions of the moodle package, as shipped with Fedora release of 18, 17, and Fedora EPEL-6. Please schedule an update. -- This issue did NOT affect the version of the moodle package, as shipped with Fedora EPEL-5.
Created moodle tracking bugs for this issue Affects: fedora-18 [bug 927264]
Created moodle tracking bugs for this issue Affects: fedora-17 [bug 927267]
Created moodle tracking bugs for this issue Affects: epel-6 [bug 927273]