Moritz Muehlenhoff
2011-Dec-15 16:17 UTC
[Secure-testing-team] Bug#652235: Multiple new security issues
Package: moodle
Severity: grave
Tags: security
Hi,
the following new Moodle issues affect sid/stable:
----
MSA-11-0045: Potential to masquerade through MNet Affects: 2.1.x,
2.0.x, 1.9.x
Fix:
http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b
Reference: http://moodle.org/mod/forum/discuss.php?d=191751
CVE-2011-4584
----
MSA-11-0046: Insecure authentication transmission
Affects: 1.9.x
Fix:
http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=01dd64a8c8aa95f793accea371b2392e662663c5
Reference: http://moodle.org/mod/forum/discuss.php?d=191752
CVE-2011-4585
----
MSA-11-0047: Possible injection attack in Calendar
Affects: 2.1.x, 2.0.x, 1.9.x
Fix:
http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=581e8dba387f090d89382115fd850d8b44351526
Reference: moodle.org/mod/forum/discuss.php?d=191754
CVE-2011-4586
----
MSA-11-0048: Password loss issue
Affects: 2.1.x, 2.0.x, 1.9.x
Fix:
http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=e079e82c087becf06d902089d14f3f76686bde19
Reference: http://moodle.org/mod/forum/discuss.php?d=191755
CVE-2011-4587
----
MSA-11-0049: Network restriction ineffective with MNet
Affects: 1.9.x
Fix:
http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=3ab2851d2a59721445945d0706c58092e07e861e
Reference: http://moodle.org/mod/forum/discuss.php?d=191756
CVE-2011-4588
----
Also please note that MSA-11-0040 is still unfixed in sid (although
fixed in the DSA)
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, ''unstable'')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash