--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-13040
2009-12-11 16:36:30
--------------------------------------------------------------------------------

Name        : moodle
Product     : Fedora 10
Version     : 1.9.7
Release     : 1.fc10
URL         : http://moodle.org/
Summary     : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.

--------------------------------------------------------------------------------
Update Information:

Moodle upstream has released latest stable versions (1.9.7 and 1.8.11), fixing
multiple security issues.

The list for 1.9.7 release:
--------------------------
Security issues

* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using
  SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups,
  new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo
  for controlling who can backup/restore user data, new checks in the security
  overview report help admins identify dangerous backup permissions
* MSA-09-0029 - A strong password policy is now enabled by default, enabling
  password salt is encouraged in config.php, admins are forced to change
  password after the upgrade and admins can force password change on other
  users via Bulk user actions
* MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won't
  serve Flash to insecure plugins
* MSA-09-0031 - Fixed SQL injection in SCORM module

The list for 1.8.11 release:
----------------------------
Security issues

* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using
  SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups,
  new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo
  for controlling who can backup/restore user data
* MSA-09-0029 - Enabling a password salt is encouraged in config.php and
  admins are forced to change password after the upgrade
* MSA-09-0031 - Fixed SQL injection in SCORM module

References:
-----------
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes

CVE Request:
------------
http://www.openwall.com/lists/oss-security/2009/12/06/1

--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  8 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.7-1
- Update to 1.9.7, BZ 544766.
* Fri Apr  3 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.4-7
- Move symlink scripts from pre to pretrans.
- Corrected moodle-cron BZ 494090.
* Thu Apr  2 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.4-6.1
- Fix broken font deps.
* Wed Apr  1 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.4-6
- Patch for CVE-2009-1171, BZ 493109.
* Tue Mar 24 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.4-5
- Update for freefont->gnu-free-fonts change.
* Thu Feb 26 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.4-4
- Fix for symlink dir replacement.
* Mon Feb 23 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.4-2
- Putting back bundled MagpieRSS due to incompatibility, BZ 486777.
- Corrected moodle-cron.
* Tue Feb 10 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.4-1
- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.
* Tue Jan 27 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.3-6
- Dropped and symlinked to khmeros-base-fonts.
* Tue Jan 20 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.3-5
- Dropped and symlinked illegal sm and to fonts.
- Symlinking to FreeSans.
- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.
* Wed Dec 17 2008 Jon Ciesla <l...@jcomserv.net> - 1.9.3-4
- Texed fix, BZ 476709.
* Fri Nov  7 2008 Jon Ciesla <l...@jcomserv.net> - 1.9.3-3
- Moved to weekly downloaded 11/7/08 to fix Snoopy CVE-2008-4796.
* Fri Oct 31 2008 Jon Ciesla <l...@jcomserv.net> - 1.9.3-2
- Fix for BZ 468929, overactive cron job.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #544766 - Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases
        https://bugzilla.redhat.com/show_bug.cgi?id=544766
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update moodle' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce