Secunia Security Advisory - Debian has acknowledged a security issue and some vulnerabilities in moodle, which can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, and conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks and bypass certain security restrictions.
dd168bc11d995db043e5f9d5a57ea2c3927fac72e395e06086044f3530e59c61
----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
Debian Moodle Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38458
VERIFY ADVISORY:
http://secunia.com/advisories/38458/
DESCRIPTION:
Debian has acknowledged a security issue and some vulnerabilities in
moodle, which can be exploited by malicious users to disclose
potentially sensitive information, bypass certain security
restrictions, and conduct SQL injection attacks and by malicious
people to conduct cross-site request forgery attacks and bypass
certain security restrictions.
For more information:
SA37614
SOLUTION:
The vendor recommends upgrading to the lenny version.
ORIGINAL ADVISORY:
DSA-1986-1:
http://www.debian.org/security/2010/dsa-1986
OTHER REFERENCES:
SA37614 :
http://secunia.com/advisories/37614/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------