Secunia Security Advisory - Ubuntu has issued an update for moodle. This fixes a security issue and some vulnerabilities, which can potentially be exploited by malicious, local users to perform certain actions with escalated privileges, by malicious users to disclose potentially sensitive information, conduct cross-site scripting and script insertion attacks, or compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system.
8c44060639c8a5c7c8b715493036e5363cf96996f93c7663c01414e5db43ecd8
----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Ubuntu update for moodle
SECUNIA ADVISORY ID:
SA35531
VERIFY ADVISORY:
http://secunia.com/advisories/35531/
DESCRIPTION:
Ubuntu has issued an update for moodle. This fixes a security issue
and some vulnerabilities, which can potentially be exploited by
malicious, local users to perform certain actions with escalated
privileges, by malicious users to disclose potentially sensitive
information, conduct cross-site scripting and script insertion
attacks, or compromise a vulnerable system, and by malicious people
to conduct cross-site scripting attacks, disclose sensitive
information, bypass certain security restrictions, and compromise a
vulnerable system.
For more information:
SA25626
SA32329
SA33079
SA33775
SA34517
SA35072
SOLUTION:
Apply updated packages.
-- Ubuntu 8.04 LTS --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2.diff.gz
Size/MD5: 40258 b0164bfaf9023bc534d2a7b6a8a8c718
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2.dsc
Size/MD5: 703 e32f8b5963d5c1a1710073d4e5a88415
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2.orig.tar.gz
Size/MD5: 10157112 4e6afcfd567571af0638533d157f9181
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1ubuntu4.2_all.deb
Size/MD5: 9292594 967ddb24a756fa4ba683b66835eb734d
-- Ubuntu 8.10 --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1.diff.gz
Size/MD5: 48171 92c36cd38c72494817858ceefe55db23
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1.dsc
Size/MD5: 1107 f001011ebd7f3ad66fc797a26194393c
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2.orig.tar.gz
Size/MD5: 10157112 4e6afcfd567571af0638533d157f9181
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moodle/moodle_1.8.2-1.2ubuntu2.1_all.deb
Size/MD5: 9298070 af5fbc6ef05185b6cc3b65f22d49b13e
ORIGINAL ADVISORY:
USN-791-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-June/000920.html
OTHER REFERENCES:
SA25626:
http://secunia.com/advisories/25626/
SA32329:
http://secunia.com/advisories/32329/
SA33079:
http://secunia.com/advisories/33079/
SA33775:
http://secunia.com/advisories/33775/
SA34517:
http://secunia.com/advisories/34517/
SA35072:
http://secunia.com/advisories/35072/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------