Updated moodle package fixes security vulnerabilities
Publication date: 30 Nov 2013
Modification date: 30 Nov 2013
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-4522, CVE-2013-4523, CVE-2013-4524, CVE-2013-4525
Description
- Some files were being delivered with incorrect headers in Moodle before 2.4.7, meaning they could be cached downstream (CVE-2013-4522).
- Cross-site scripting in Moodle before 2.4.7 due to JavaScript in messages being executed on some pages (CVE-2013-4523).
- The file system repository in Moodle before 2.4.7 was allowing access to files beyond the Moodle file area (CVE-2013-4524).
- Cross-site scripting in Moodle before 2.4. due to JavaScript in question answers being executed on the Quiz Results page (CVE-2013-4525).
References
- https://bugs.mageia.org/show_bug.cgi?id=11671
- https://moodle.org/mod/forum/discuss.php?d=244479
- https://moodle.org/mod/forum/discuss.php?d=244480
- https://moodle.org/mod/forum/discuss.php?d=244481
- https://moodle.org/mod/forum/discuss.php?d=244482
- http://docs.moodle.org/dev/Moodle_2.4.7_release_notes
- https://moodle.org/mod/forum/discuss.php?d=243213
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4522
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4523
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4524
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4525
SRPMS
3/core
- moodle-2.4.7-1.mga3