Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0053)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0053

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0053)

Resumen: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0053 advisory.

Descripción: Summary:
The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0053 advisory.

Vulnerability Insight:
Updated moodle package fixes security vulnerabilities:

In Moodle before 2.4.8, some password changes on admin pages were being
recorded and shown to administrators in the config log report
(CVE-2014-0008).

In Moodle before 2.4.8, users were able to log in as a user who in a is
not in the same group without the permission to see all groups
(CVE-2014-0009).

In Moodle 2.4.8, custom profile fields and categories were open to
deletion without proper session checking, due to two Cross-site Request
Forgery(CSRF) vulnerabilities in /user/profile/index.php (CVE-2014-0010).

Affected Software/OS:
'moodle' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0008
1029647
http://www.securitytracker.com/id/1029647
FEDORA-2014-1377
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
FEDORA-2014-1396
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
[oss-security] 20140120 Moodle security notifications public
http://openwall.com/lists/oss-security/2014/01/20/1
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
https://moodle.org/mod/forum/discuss.php?d=252414
Common Vulnerability Exposure (CVE) ID: CVE-2014-0009
1029648
http://www.securitytracker.com/id/1029648
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
https://moodle.org/mod/forum/discuss.php?d=252415
Common Vulnerability Exposure (CVE) ID: CVE-2014-0010
102261
http://osvdb.org/102261
1029649
http://www.securitytracker.com/id/1029649
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
https://moodle.org/mod/forum/discuss.php?d=252416

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0053
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0053)
Resumen:	The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0053 advisory.
Descripción:	Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0053 advisory. Vulnerability Insight: Updated moodle package fixes security vulnerabilities: In Moodle before 2.4.8, some password changes on admin pages were being recorded and shown to administrators in the config log report (CVE-2014-0008). In Moodle before 2.4.8, users were able to log in as a user who in a is not in the same group without the permission to see all groups (CVE-2014-0009). In Moodle 2.4.8, custom profile fields and categories were open to deletion without proper session checking, due to two Cross-site Request Forgery(CSRF) vulnerabilities in /user/profile/index.php (CVE-2014-0010). Affected Software/OS: 'moodle' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0008 1029647 http://www.securitytracker.com/id/1029647 FEDORA-2014-1377 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html FEDORA-2014-1396 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html [oss-security] 20140120 Moodle security notifications public http://openwall.com/lists/oss-security/2014/01/20/1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721 https://moodle.org/mod/forum/discuss.php?d=252414 Common Vulnerability Exposure (CVE) ID: CVE-2014-0009 1029648 http://www.securitytracker.com/id/1029648 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643 https://moodle.org/mod/forum/discuss.php?d=252415 Common Vulnerability Exposure (CVE) ID: CVE-2014-0010 102261 http://osvdb.org/102261 1029649 http://www.securitytracker.com/id/1029649 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883 https://moodle.org/mod/forum/discuss.php?d=252416
Copyright	Copyright (C) 2022 Greenbone AG