Advisories » MGASA-2016-0029

Updated moodle packages fix security vulnerability

Publication date: 20 Jan 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-0724, CVE-2016-0725

Description

In Moodle before 2.8.10, the web services
core_enrol_get_course_enrolment_methods and
enrol_self_get_instance_info did not check the user's permission to access
hidden courses (CVE-2016-0724).

In Moodle before 2.8.10, the search string in the course management
interface was not escaped on output, creating the potential for an XSS
attack (CVE-2016-0725).

References

SRPMS

5/core