Advisories ยป MGASA-2015-0057

Updated moodle packages fix CVE-2015-1493

Publication date: 09 Feb 2015
Modification date: 09 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1493

Description

Updated moodle package fixes security vulnerability:

In Moodle before 2.6.8, parameter "file" passed to scripts serving JS was not
always cleaned from including "../" in the path, allowing to read files
located outside of moodle directory. All OS's are affected, but especially
vulnerable are Windows servers (CVE-2015-1493).
                

References

SRPMS

4/core