Users of Moodle, please be advised that new moodle packages fix several vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
DSA-2115-1: New moodle packages fix several vulnerabilities
Several remote vulnerabilities have been discovered in Moodle, a
course management system. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2010-1613
Moodle does not enable the "Regenerate session id during
login" setting by default, which makes it easier for remote
attackers to conduct session fixation attacks.
CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities allow
remote attackers to inject arbitrary web script or HTML via
vectors related to (1) the Login-As feature or (2) when the
global search feature is enabled, unspecified global search
forms in the Global Search Engine.
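The session fixation issue described under CVE-2010-1613, modelled as an added example (not Moodle's code and not part of the advisory): a toy session table in which the `regenerate_on_login` flag stands in for the "Regenerate session id during login" setting. The class, function and user names are hypothetical, and the flag's semantics are an assumption based on the setting's name.

```python
import secrets


class SessionStore:
    """Toy server-side session table: session id -> authenticated user (or None)."""

    def __init__(self, regenerate_on_login):
        # Stand-in for the "Regenerate session id during login" setting (assumed semantics).
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}

    def new_session(self):
        """Issue an anonymous session id, as happens on a first page view."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        """Authenticate `user` on `sid`; return the id the browser must use afterwards."""
        if sid not in self.sessions:
            sid = self.new_session()   # never adopt an id the server did not issue
        if self.regenerate_on_login:
            del self.sessions[sid]     # invalidate the pre-login id
            sid = self.new_session()   # bind the login to a fresh, unguessable id
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        """Return the user bound to `sid`, or None if anonymous or unknown."""
        return self.sessions.get(sid)


def pre_login_id_is_authenticated(regenerate_on_login):
    """True if an id that existed before login still carries the login afterwards."""
    store = SessionStore(regenerate_on_login)
    known_sid = store.new_session()    # id that a party other than the user also knows
    store.login(known_sid, "alice")    # constructed user name
    return store.whoami(known_sid) == "alice"


if __name__ == "__main__":
    print("setting off:", pre_login_id_is_authenticated(False))  # True
    print("setting on: ", pre_login_id_is_authenticated(True))   # False
```

With the flag off, any id that was known before login becomes an authenticated id after it; with the flag on, that id is dropped from the table at login and only the newly issued id is bound to the user.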