Moodle upstream has released upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 versions:

[1] http://docs.moodle.org/dev/Moodle_2.2.3_release_notes
[2] http://docs.moodle.org/dev/Moodle_2.1.6_release_notes
[3] http://docs.moodle.org/dev/Moodle_2.0.9_release_notes
[4] http://docs.moodle.org/dev/Moodle_1.9.18_release_notes

correcting multiple security flaws (each of the releases different subset):

Summarizing post for the flaws (including relevant upstream patches for each of them):

[5] http://www.openwall.com/lists/oss-security/2012/05/23/2
The (shortened detail) list of security fixes:
==============================================
CVE-2012-2353 MSA-12-0024: Hidden information access issue
CVE-2012-2354 MSA-12-0025: Personal communication access issue
CVE-2012-2355 MSA-12-0026: Quiz capability issue
CVE-2012-2356 MSA-12-0027: Question bank capability issues
CVE-2012-2357 MSA-12-0028: Insecure authentication issue
CVE-2012-2358 MSA-12-0029: Information editing access issue
CVE-2012-2359 MSA-12-0030: Capability manipulation issue
CVE-2012-2360 MSA-12-0031: Cross-site scripting vulnerability in Wiki
CVE-2012-2361 MSA-12-0032: Cross-site scripting vulnerability in Web services
CVE-2012-2362 MSA-12-0033: Cross-site scripting vulnerability in Blog
CVE-2012-2363 MSA-12-0034: Potential SQL injection issue
CVE-2012-2364 MSA-12-0035: Cross-site scripting vulnerability in "download all"
CVE-2012-2365 MSA-12-0036: Cross-site scripting vulnerability in category identifier
CVE-2012-2366 MSA-12-0037: Write access issue in Database activity module
CVE-2012-2367 MSA-12-0038: Calendar event write permission issue
Created moodle tracking bugs for this issue

Affects: fedora-all [bug 824481]
Affects: epel-all [bug 824482]
Current release versions show this is fixed in all but EPEL5:

Fedora-16: http://koji.fedoraproject.org/packages/moodle/2.0.9/1.fc16
Fedora-17: http://koji.fedoraproject.org/packages/moodle/2.2.3/1.fc17
Fedora-Rawhide: http://koji.fedoraproject.org/packages/moodle/2.2.3/1.fc18
EPEL-5: http://koji.fedoraproject.org/packages/moodle/1.8.13/4.el5
EPEL-6: http://koji.fedoraproject.org/packages/moodle/2.1.6/1.el6