Advisories ยป MGASA-2015-0110

Updated moodle packages fix security vulnerabilities

Publication date: 18 Mar 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2266 , CVE-2015-2267 , CVE-2015-2268 , CVE-2015-2269 , CVE-2015-2270 , CVE-2015-2271 , CVE-2015-2272 , CVE-2015-2273


Updated moodle package fixes security vulnerabilities:

In Moodle before 2.6.9, by modifying URL a logged in user can view the list
of another user's contacts, number of unread messages and list of their
courses (CVE-2015-2266).

In Moodle before 2.6.9, authentication in mdeploy can be bypassed. It is
theoretically possible to extract files anywhere on the system where the web
server has write access. The attacking user must know details about the
system and already have significant permissions on the site (CVE-2015-2267).

In Moodle before 2.6.9, a non-optimal regular expression in the "Convert
links to URLs" filter could be exploited to create extra server load or make
particular pages unavailable (CVE-2015-2268).

In Moodle before 2.6.9, it is possible to create HTML injection through
blocks with configurable titles, however this could only be exploited by
users who are already marked as XSS-trusted (CVE-2015-2269).

In Moodle before 2.6.9, for the custom themes that use blocks regions in the
base layout the blocks for inaccessible courses could be displayed together
with sensitive course-related information. Most of the themes, including all
standard Moodle themes, are not affected (CVE-2015-2270).

In Moodle before 2.6.9, users without proper permission are able to mark
tags as inappropriate. Since this capability is given to authenticated users
by default, this is not an issue for most sites (CVE-2015-2271).

In Moodle before 2.6.9, even when user's password is forced to be changed on
login, user could still use it for authentication in order to create the web
service token and therefore extend the life of the temporary password via
web services (CVE-2015-2272).

In Moodle before 2.6.9, Quiz statistics report did not properly escape
student responses and could be used for XSS attack (CVE-2015-2273).