Site Navigation:
security moodle-2.5.6-1.fc20 security update
Status:stable
Release: Fedora 20
Update ID: FEDORA-2014-6585
Builds: moodle-2.5.6-1.fc20 (logs)
Pushed: True
Date Submitted: 2014-05-21 12:28:29
Date Released: 2014-05-21 22:40:50
Submitter: limb
Karma: 0
Stable karma: 3
Unstable karma: -3
Details

Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws:

CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile CVE-2014-0215 MSA-14-0016: Anonymous student identity revealed in assignment CVE-2014-0216 MSA-14-0017: File access issue in HTML block CVE-2014-0217 MSA-14-0018: Information leak in courses CVE-2014-0218 MSA-14-0019: Reflected XSS in URL downloader repository

For a full summary and patch links, refer to the following:

http://seclists.org/oss-sec/2014/q2/329

Bugs Fixed
1099766 - CVE-2014-0218: CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [epel-all]
1099765 - CVE-2014-0218: CVE-2014-0213 CVE-2014-0215 CVE-2014-0214 CVE-2014-0217 CVE-2014-0216 moodle: upstream 2.7, 2.6.3, 2.5.6, and 2.4.10 security fixes [fedora-all]
Feedback
bodhi - 2014-05-21 12:28:40
This update has been submitted for testing by limb.
autoqa - 2014-05-21 12:48:04
AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1e1vt (results are informative only)
autoqa - 2014-05-21 12:48:47
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1e1vy (results are informative only)
bodhi - 2014-05-21 15:44:14
This update is currently being pushed to the Fedora 20 testing updates repository.
bodhi - 2014-05-21 23:30:00
This update has been pushed to testing
williamjmorenor - 2014-05-28 18:24:40
Think work in a fresh install, not sure it's work fine to update a working install and not sure about security flags :-/
bodhi - 2014-05-29 04:04:07
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2014-05-29 11:56:21
This update has been submitted for stable by limb.
autoqa - 2014-05-29 12:18:53
AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/1e6g7 (results are informative only)
bodhi - 2014-05-29 15:59:23
This update is currently being pushed to the Fedora 20 stable updates repository.
bodhi - 2014-05-29 23:27:41
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters