Advisories » MGASA-2013-0280

Updated moodle package fixes multiple security vulnerabilities

Publication date: 19 Sep 2013
Modification date: 19 Sep 2013
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-4313, CVE-2013-4341

Description

Updated moodle package fixes security vulnerabilities:

Null characters were allowed in query strings in Moodle before 2.4.6, which
caused SQL statements to terminate and fail, potentially allowing SQL
injection in Moodle's SQL Server driver (CVE-2013-4313).

Links to external blogs were not being adequately cleaned in Moodle before
2.4.6, potentially allowing for XSS attacks (CVE-2013-4341).

References

SRPMS

3/core