Updated moodle packages fix security vulnerbilities
Publication date: 15 Sep 2014Modification date: 22 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3617
Description
Updated moodle packages fix security vulnerabilities:
In Moodle before 2.6.5, users who had not yet posted the required answer in
a Q&A forum in order to access past posts were able to see the name of the
last person who had posted, as other authors are visible in
/mod/forum/view.php before the student has posted their own answer
(CVE-2014-3617).
References
- https://bugs.mageia.org/show_bug.cgi?id=14081
- https://moodle.org/mod/forum/discuss.php?d=269590
- https://moodle.org/mod/forum/discuss.php?d=269591
- https://moodle.org/mod/forum/discuss.php?d=269089
- https://docs.moodle.org/dev/Moodle_2.6.5_release_notes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3617
SRPMS
3/core
- moodle-2.6.5-1.mga3
4/core
- moodle-2.6.5-1.mga4