Fedora alert FEDORA-2010-13250 (moodle)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 13 Update: moodle-1.9.9-2.fc13 | |
| Date: | Sat, 21 Aug 2010 04:29:52 +0000 | |
| Message-ID: | <20100821042952.A5C3810F8EE@bastion02.phx2.fedoraproject.org> | |
| Archive‑link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-13250 2010-08-21 03:57:21 -------------------------------------------------------------------------------- Name : moodle Product : Fedora 13 Version : 1.9.9 Release : 2.fc13 URL : http://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. -------------------------------------------------------------------------------- Update Information: Multiple security fixes. No longer uses bundled php-pear-CAS. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 19 2010 Jon Ciesla <limb@jcomserv.net> - 1.9.9-2 - Switch to system php-pear-CAS, BZ 577467, 620772. - Patching htmlpurifier, BZ 624754. * Tue Jun 22 2010 Jon Ciesla <limb@jcomserv.net> - 1.9.9-1 - Update to 1.9.9, BZ 605810. -------------------------------------------------------------------------------- References: [ 1 ] Bug #620743 - CVE-2010-2795 php-pear-CAS: authenticated session hijack by providing new well formed ticket (PHPCAS-61) https://bugzilla.redhat.com/show_bug.cgi?id=620743 [ 2 ] Bug #620751 - CVE-2010-2796 php-pear-CAS: XSS in proxy mode (PHPCAS-67) https://bugzilla.redhat.com/show_bug.cgi?id=620751 [ 3 ] Bug #624753 - CVE-2010-2479 moodle, sahana: XSS flaw in embedded HTML Purifier allows remote arbitrary web script injection https://bugzilla.redhat.com/show_bug.cgi?id=624753 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update moodle' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...