Parent Directory
| 
Revision Log
fix up duplicated mitre cve links
| 1 | type: security |
| 2 | subject: Updated moodle package fixes security vulnerabilities |
| 3 | CVE: |
| 4 | - CVE-2014-0008 |
| 5 | - CVE-2014-0009 |
| 6 | - CVE-2014-0010 |
| 7 | src: |
| 8 | 3: |
| 9 | core: |
| 10 | - moodle-2.4.8-1.mga3 |
| 11 | 4: |
| 12 | core: |
| 13 | - moodle-2.4.8-1.mga4 |
| 14 | description: | |
| 15 | Updated moodle package fixes security vulnerabilities: |
| 16 | |
| 17 | In Moodle before 2.4.8, some password changes on admin pages were being |
| 18 | recorded and shown to administrators in the config log report |
| 19 | (CVE-2014-0008). |
| 20 | |
| 21 | In Moodle before 2.4.8, users were able to log in as a user who in a is |
| 22 | not in the same group without the permission to see all groups |
| 23 | (CVE-2014-0009). |
| 24 | |
| 25 | In Moodle 2.4.8, custom profile fields and categories were open to |
| 26 | deletion without proper session checking, due to two Cross-site Request |
| 27 | Forgery(CSRF) vulnerabilities in /user/profile/index.php (CVE-2014-0010). |
| 28 | references: |
| 29 | - https://bugs.mageia.org/show_bug.cgi?id=12385 |
| 30 | - https://moodle.org/mod/forum/discuss.php?d=252414 |
| 31 | - https://moodle.org/mod/forum/discuss.php?d=252415 |
| 32 | - https://moodle.org/mod/forum/discuss.php?d=252416 |
| 33 | - http://docs.moodle.org/dev/Moodle_2.4.8_release_notes |
| 34 | - https://moodle.org/mod/forum/discuss.php?d=251856 |
| 35 | - https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html |
| 36 | ID: MGASA-2014-0053 |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |