--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12102
2013-11-14 18:13:55
--------------------------------------------------------------------------------

Name        : moodle
Product     : Fedora EPEL 6
Version     : 2.4.7
Release     : 1.el6
URL         : http://moodle.org/
Summary     : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.

--------------------------------------------------------------------------------
Update Information:

Latest upstreams, multiple security fixes.

Name: CVE-2013-6780
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6780
Assigned: 20131112
Reference: https://yuilibrary.com/support/20131111-vulnerability/

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.

Name: CVE-2013-3630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630
Assigned: 20130521
Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss...
Reference: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tric...

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1025655 - CVE-2013-3630 moodle: authenticated remote command execution [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1025655
  [ 2 ] Bug #1025656 - CVE-2013-3630 moodle: authenticated remote command execution [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1025656
  [ 3 ] Bug #1030084 - CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [epel-5]
        https://bugzilla.redhat.com/show_bug.cgi?id=1030084
  [ 4 ] Bug #1030085 - CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [fedora-18]
        https://bugzilla.redhat.com/show_bug.cgi?id=1030085
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs. Use su -c 'yum update moodle' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org