Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 07 Dec 2011 15:39:31 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases

On 12/07/2011 03:11 PM, Vincent Danen wrote:
> MSA-11-0042: Information leak in Wiki
> Affects: 2.1.x, 2.0.x Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commit;h=140af2a0f0a4598bf568b9ae182cb81eb583edeb
> Reference: http://moodle.org/mod/forum/discuss.php?d=191747
>
Please use CVE-2011-4581 for this issue


> MSA-11-0043: Possible link redirect in Calendar
> Affects: 2.1.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28720&sr=1
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191748
>
Please use CVE-2011-4582 for this issue


> MSA-11-0044: Expired identification information shown in Web services
> Affects: 2.1.x, 2.0.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191750
>
Please use CVE-2011-4583 for this issue


> MSA-11-0045: Potential to masquerade through MNet Affects: 2.1.x,
> 2.0.x, 1.9.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191751
>
Please use CVE-2011-4584 for this issue


> MSA-11-0046: Insecure authentication transmission
> Affects: 1.9.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=01dd64a8c8aa95f793accea371b2392e662663c5
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191752
>
Please use CVE-2011-4585 for this issue


> MSA-11-0047: Possible injection attack in Calendar
> Affects: 2.1.x, 2.0.x, 1.9.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=581e8dba387f090d89382115fd850d8b44351526
>
> Reference: moodle.org/mod/forum/discuss.php?d=191754
>
Please use CVE-2011-4586 for this issue


> MSA-11-0048: Password loss issue
> Affects: 2.1.x, 2.0.x, 1.9.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=e079e82c087becf06d902089d14f3f76686bde19
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191755
>
Please use CVE-2011-4587 for this issue


> MSA-11-0049: Network restriction ineffective with MNet
> Affects: 1.9.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=3ab2851d2a59721445945d0706c58092e07e861e
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191756
>
Please use CVE-2011-4588 for this issue


> MSA-11-0050: Backup capability issue
> Affects: 2.1.x, 2.0.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29591
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191758
>
Please use CVE-2011-4589 for this issue


> MSA-11-0051: Authentication issue with Web services
> Affects: 2.1.x, 2.0.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28629
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191759
>
Please use CVE-2011-4590 for this issue


> MSA-11-0052: Potential to exploit developer debugging scripts
> Affects: 2.1.x, 2.0.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commit;h=187672608ec96659e07f2461b3b83634debd16cb
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191760
>
Please use CVE-2011-4591 for this issue


> MSA-11-0053: Security and system administration conflict
> Affects: 2.1.x, 2.0.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commit;h=ade30ad3c420ce035a3d68287db701b70e806b3f
>
> Refrence: http://moodle.org/mod/forum/discuss.php?d=191761
>
Please use CVE-2011-4592 for this issue


> MSA-11-0054: Personal information leak
> Affects: 2.1.x, 2.0.x
> Fix:
> http://git.moodle.org/gw?p=moodle.git;a=commit;h=e94113a859015a4a80b9397957b8fc4044e2951f
>
> Reference: http://moodle.org/mod/forum/discuss.php?d=191762
Please use CVE-2011-4593 for this issue

-- 

-Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.