-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-13396 2010-08-24 01:08:50 -------------------------------------------------------------------------------- Name : moodle Product : Fedora 14 Version : 1.9.9 Release : 2.fc14 URL : http://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. -------------------------------------------------------------------------------- Update Information: Multiple security fixes. No longer uses bundled php-pear-CAS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #620743 - CVE-2010-2795 php-pear-CAS: authenticated session hijack by providing new well formed ticket (PHPCAS-61) https://bugzilla.redhat.com/show_bug.cgi?id=620743 [ 2 ] Bug #620751 - CVE-2010-2796 php-pear-CAS: XSS in proxy mode (PHPCAS-67) https://bugzilla.redhat.com/show_bug.cgi?id=620751 [ 3 ] Bug #624753 - CVE-2010-2479 moodle, sahana: XSS flaw in embedded HTML Purifier allows remote arbitrary web script injection https://bugzilla.redhat.com/show_bug.cgi?id=624753 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update moodle' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------