
Moodle upstream has released the latest stable versions (1.9.7 and 1.8.11), fixing
multiple security issues.

The list for 1.9.7 release:
--------------------------
Security issues
* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using
  SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups,
  new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo
  for controlling who can backup/restore user data, new checks in the
  security overview report help admins identify dangerous backup permissions
* MSA-09-0029 - A strong password policy is now enabled by default, enabling
  password salt is encouraged in config.php, admins are forced to change
  password after the upgrade and admins can force password change on other
  users via Bulk user actions
* MSA-09-0030 - New detection of insecure Flash player plugins, Moodle
  won't serve Flash to insecure plugins
* MSA-09-0031 - Fixed SQL injection in SCORM module

The list for 1.8.11 release:
----------------------------
Security issues
* MSA-09-0022 - Multiple CSRF problems fixed
* MSA-09-0023 - Fixed user account disclosure in LAMS module
* MSA-09-0024 - Fixed insufficient access control in Glossary module
* MSA-09-0025 - Unneeded MD5 hashes removed from user table
* MSA-09-0026 - Fixed invalid application access control in MNET interface
* MSA-09-0027 - Ensured login information is always sent secured when using
  SSL for logins
* MSA-09-0028 - Passwords and secrets are no longer ever saved in backups,
  new backup capabilities moodle/backup:userinfo and moodle/restore:userinfo
  for controlling who can backup/restore user data
* MSA-09-0029 - Enabling a password salt is encouraged in config.php and
  admins are forced to change password after the upgrade
* MSA-09-0031 - Fixed SQL injection in SCORM module

References:
-----------
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://docs.moodle.org/en/Moodle_1.8.11_release_notes

CVE Request:
------------
http://www.openwall.com/lists/oss-security/2009/12/06/1 |
|
|
Update to 1.8.6 p368. This package also fixes the build failure on arm
-gnueabi systems (bug 506233) and a DoS vulnerability in the BigDecimal method
(bug 504958, CVE-2009-1904). |
|
|
This update fixes possible DoS with mode 7 packets. (CVE-2009-3563) |
|
|
CVE-2009-4131: EXT4 - fix insufficient permission checking which could result
in arbitrary data corruption by a local unprivileged user. |
|
|
This update contains the latest stable release of Apache httpd. Three security
fixes are included, along with several minor bug fixes.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force the
server to process an attacker's request as if authenticated using the victim's
credentials. This update partially mitigates this flaw for SSL sessions to HTTP
servers using mod_ssl by rejecting client-requested renegotiation.
(CVE-2009-3555)

Note: This update does not fully resolve the issue for HTTPS servers. An attack
is still possible in configurations that require a server-initiated
renegotiation.

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp module. A
malicious FTP server to which requests are being proxied could use this flaw to
crash an httpd child process via a malformed reply to the EPSV or PASV commands,
resulting in a limited denial of service. (CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse proxy
configuration, a remote attacker could use this flaw to bypass intended access
restrictions by creating a carefully-crafted HTTP Authorization header, allowing
the attacker to send arbitrary commands to the FTP server. (CVE-2009-3095)

See the upstream changes file for further information:
http://www.apache.org/dist/httpd/CHANGES_2.2.14 |
|
|
Update to 3.12.5. This update fixes the following security flaw:
CVE-2009-3555 TLS: MITM attacks via session renegotiation |