PDA

View Full Version : USN-658-1: Moodle vulnerability



rss-bot
October 23rd, 2008, 10:40 PM
Referenced CVEs:
CVE-2008-1502


Description:
================================================== ========= Ubuntu Security Notice USN-658-1 October 23, 2008 moodle vulnerability CVE-2008-1502 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: moodle 1.8.2-1ubuntu2.1 Ubuntu 8.04 LTS: moodle 1.8.2-1ubuntu4.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Lukasz Pilorz discovered that the HTML filtering used in Moodle was not strict enough. A remote attacker could send malicious requests to Moodle and execute arbitrary code as the web server user.





More... (http://www.ubuntu.com/usn/usn-658-1)