-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2019-5d3da674fb 2019-02-09 01:43:13.408082 --------------------------------------------------------------------------------
Name : moodle Product : Fedora EPEL 7 Version : 3.1.16 Release : 1.el7 URL : http://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities.
-------------------------------------------------------------------------------- Update Information:
Multiple CVE fixes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1668074 - CVE-2019-3810 moodle: User full name is not escaped in the un-linked userpix page (MSA-19-0003) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668074 [ 2 ] Bug #1668068 - CVE-2019-3809 moodle: Blind SSRF Risk in /badges/mybackpack.php (MSA-19-0002) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668068 [ 3 ] Bug #1668066 - CVE-2019-3808 moodle: Manage groups capability is missing XSS risk flag (MSA-19-0001) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668066 [ 4 ] Bug #1668065 - CVE-2019-3808 moodle: Manage groups capability is missing XSS risk flag (MSA-19-0001) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668065 --------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use su -c 'yum update moodle' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------