--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-13080
2009-12-11 16:38:46
--------------------------------------------------------------------------------

Name        : moodle
Product     : Fedora 11
Version     : 1.9.7
Release     : 1.fc11
URL         : http://moodle.org/
Summary     : A Course Management System
Description :
Moodle is a course management system (CMS) - a free, Open Source software
package designed using sound pedagogical principles, to help educators create
effective online learning communities.

--------------------------------------------------------------------------------
Update Information:

Moodle upstream has released the latest stable versions (1.9.7 and 1.8.11),
fixing multiple security issues.

The list for 1.9.7 release:
--------------------------
Security issues
* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using
  SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups,
  new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo
  for controlling who can backup/restore user data, new checks in the
  security overview report help admins identify dangerous backup permissions
* MSA-09-0029 - A strong password policy is now enabled by default, enabling
  password salt is encouraged in config.php, admins are forced to change
  password after the upgrade and admins can force password change on other
  users via Bulk user actions
* MSA-09-0030 - New detection of insecure Flash player plugins, Moodle won't
  serve Flash to insecure plugins
* MSA-09-0031 - Fixed SQL injection in SCORM module

The list for 1.8.11 release:
----------------------------
Security issues
* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using
  SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups,
  new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo
  for controlling who can backup/restore user data
* MSA-09-0029 - Enabling a password salt is encouraged in config.php and
  admins are forced to change password after the upgrade
* MSA-09-0031 - Fixed SQL injection in SCORM module

References:
-----------
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes

CVE Request:
------------
http://www.openwall.com/lists/oss-security/2009/12/06/1

--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 8 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.7-1
- Update to 1.9.7, BZ 544766.
* Thu Nov 5 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.6-2
- Reverted erroneous cron fix.
* Thu Nov 5 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.6-1
- Update to 1.9.6.
- Make moodle-cron honor lock, BZ 533171.
* Wed Sep 23 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.5-3
- Using weekly snapshot downloaded 09/23/2009 for new PHP, BZ 525120
- Added Urdu installer.
* Sat Jul 25 2009 Fedora Release Engineering <rel-...@lists.fedoraproject.org> - 1.9.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu May 14 2009 Jon Ciesla <l...@jcomserv.net> - 1.9.5-1
- Move symlink scripts from pretrans to post, pre.
- 1.9.5.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #544766 - Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases
        https://bugzilla.redhat.com/show_bug.cgi?id=544766
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.
Use su -c 'yum update moodle' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------