Security Information / 2011 / Security Information -- DSA-2262-1 moodle

Debian Security Advisory

DSA-2262-1 moodle -- several vulnerabilities

Date Reported:

15 Jun 2011

Affected Packages:

moodle

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:

• MSA-11-0002

  Cross-site request forgery vulnerability in RSS block

• MSA-11-0003

  Cross-site scripting vulnerability in tag autocomplete

• MSA-11-0008

  IMS enterprise enrolment file may disclose sensitive information

• MSA-11-0011

  Multiple cross-site scripting problems in media filter

• MSA-11-0015

  Cross Site Scripting through URL encoding

• MSA-11-0013

  Group/Quiz permissions issue

For the stable distribution (squeeze), this problem has been fixed in version 1.9.9.dfsg2-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.9.9.dfsg2-3.

We recommend that you upgrade your moodle packages.