|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 2334-1 (mahara)|
|Summary:||Debian Security Advisory DSA 2334-1 (mahara)|
|Description:||The remote host is missing an update to mahara|
announced via advisory DSA 2334-1.
Several vulnerabilities were discovered in Mahara, an electronic
portfolio, weblog, and resume builder:
Teemu Vesala discovered that missing input sanitising of RSS
feeds could lead to cross-site scripting.
Richard Mansfield discovered that insufficient upload restrictions
allowed denial of service.
Richard Mansfield that the management of institutions was prone to
cross-site request forgery.
(no CVE ID available yet)
Andrew Nichols discovered a privilege escalation vulnerability
in MNet handling.
For the oldstable distribution (lenny), this problem has been fixed in
For the stable distribution (squeeze), this problem has been fixed in
For the unstable distribution (sid), this problem has been fixed in
We recommend that you upgrade your mahara packages.
Common Vulnerability Exposure (CVE) ID: CVE-2011-2771|
Debian Security Information: DSA-2334 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2011-2772
Common Vulnerability Exposure (CVE) ID: CVE-2011-2773
|Copyright||Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com|
|This is only one of 47234 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.