A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to denial of service. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
External References: https://moodle.org/mod/forum/discuss.php?d=410842
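The missing check described above, sketched as an added example in Python (not Moodle's PHP code and not part of the original report): the decompressed size is compared with the remaining quota before unpacking and again while bytes are produced. The names `extract_within_quota`, `QuotaExceeded` and `build_sample_zip` are hypothetical, and the archive is constructed inline.

```python
import io
import zipfile

class QuotaExceeded(Exception):
    """Raised when extraction would exceed the user's remaining quota."""

def build_sample_zip(size=1024 * 1024):
    # Constructed sample: one highly compressible member (all zero bytes).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("big.txt", b"\0" * size)
    return buf.getvalue()

def extract_within_quota(zip_bytes, quota_remaining, chunk=64 * 1024):
    """Return {member name: data}, or raise QuotaExceeded before/while unpacking."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        # Check 1: sum of declared uncompressed sizes, before anything is unpacked.
        declared = sum(i.file_size for i in members)
        if declared > quota_remaining:
            raise QuotaExceeded(f"declared {declared} > quota {quota_remaining}")
        # Check 2: count the bytes actually produced, so the limit does not
        # rest only on the sizes recorded in the archive's own headers.
        produced = 0
        for info in members:
            data = bytearray()
            with zf.open(info) as src:
                while block := src.read(chunk):
                    produced += len(block)
                    if produced > quota_remaining:
                        raise QuotaExceeded(f"produced {produced} > quota {quota_remaining}")
                    data += block
            out[info.filename] = bytes(data)
    return out

if __name__ == "__main__":
    archive = build_sample_zip()
    print("archive bytes:", len(archive))
    try:
        extract_within_quota(archive, 100 * 1024)
    except QuotaExceeded as exc:
        print("rejected:", exc)
```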
Created moodle tracking bugs for this issue: Affects: fedora-all [bug 1927278]
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 1927286]
Security flaws will close automatically upon closing the last tracker. There is still a tracker for epel-7 that is open. Reopened the flaw.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.