The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-658-1] Moodle vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Thu, 23 Oct 2008 14:33:41 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-658-1] Moodle vulnerability
Message-ID: <20081023213341.GD21108@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.63 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--eAbsdosE1cNLO4uF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Ubuntu Security Notice USN-658-1 October 23, 2008 moodle vulnerability CVE-2008-1502, CVE-2008-1502
A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: moodle 1.8.2-1ubuntu2.1 Ubuntu 8.04 LTS: moodle 1.8.2-1ubuntu4.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Lukasz Pilorz discovered that the HTML filtering used in Moodle was not strict enough. A remote attacker could send malicious requests to Moodle and execute arbitrary code as the web server user. Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu2.1.diff.gz Size/MD5: 19705 cddd2761b29fe98f6f0686155b299f48 http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu2.1.dsc Size/MD5: 741 1590c124a2dbff31fa8aee6f5a3add91 http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2.orig.tar.gz Size/MD5: 10157112 4e6afcfd567571af0638533d157f9181 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu2.1_all.deb Size/MD5: 9294484 c7ec1ead92a220103ea5ca5b439718bb Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.1.diff.gz Size/MD5: 19903 31e6f4b817f844d93c4704cdfa70caf0 http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.1.dsc Size/MD5: 741 7968ef24932d8eae67263dc57985050c http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2.orig.tar.gz Size/MD5: 10157112 4e6afcfd567571af0638533d157f9181 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.1_all.deb Size/MD5: 9294736 536da637d3f4f399a467a077575660e4 --eAbsdosE1cNLO4uF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Kees Cook <kees@outflux.net.> iEYEARECAAYFAkkA7bUACgkQH/9LqRcGPm3o3QCghuJPXqFKWCfAFsCEdpQJkdLN 82oAn3YXNm+swMlkPfw17Hk6hobQHIW1 =tY3i -----END PGP SIGNATURE----- --eAbsdosE1cNLO4uF--

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру