Mailinglist Archive: opensuse-updates (41 mails)

< Previous Next >
openSUSE-SU-2010:0937-1 (moderate): moodle: security update
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Fri, 12 Nov 2010 13:08:15 +0100 (CET)
  • Message-id: <20101112120816.6F1EFBE5A@xxxxxxxxxxxxxx>
openSUSE Security Update: moodle: security update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0937-1
Rating: moderate
References: #650155
Cross-References: CVE-2010-4207 CVE-2010-4208 CVE-2010-4209

Affected Products:
openSUSE 11.1
______________________________________________________________________________

An update that fixes three vulnerabilities is now
available. It includes one version update.

Description:

This update of moodle fixes:
- CVE-2010-4207: CVSS v2 Base Score: 4.3 (MEDIUM)
(AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS)
(CWE-79) Cross-site scripting vulnerability in the Flash
component infrastructure in YUI allows remote attackers
to inject arbitrary web script or HTML via
charts/assets/charts.swf.
- CVE-2010-4208: CVSS v2 Base Score: 4.3 (MEDIUM)
(AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS)
(CWE-79) Cross-site scripting vulnerability in the Flash
component infrastructure in YUI allows remote attackers
to inject arbitrary web script or HTML via
uploader/assets/uploader.swf.
- CVE-2010-4209: CVSS v2 Base Score: 4.3 (MEDIUM)
(AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS)
(CWE-79) Cross-site scripting vulnerability in the Flash
component infrastructure in YUI allows remote attackers
to inject arbitrary web script or HTML via
swfstore/swfstore.swf.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.1:

zypper in -t patch moodle-3506

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.1 (noarch) [New Version: 1.9.10]:

moodle-1.9.10-0.1.1
moodle-af-1.9.10-0.1.1
moodle-ar-1.9.10-0.1.1
moodle-be-1.9.10-0.1.1
moodle-bg-1.9.10-0.1.1
moodle-bs-1.9.10-0.1.1
moodle-ca-1.9.10-0.1.1
moodle-cs-1.9.10-0.1.1
moodle-da-1.9.10-0.1.1
moodle-de-1.9.10-0.1.1
moodle-de_du-1.9.10-0.1.1
moodle-el-1.9.10-0.1.1
moodle-es-1.9.10-0.1.1
moodle-et-1.9.10-0.1.1
moodle-eu-1.9.10-0.1.1
moodle-fa-1.9.10-0.1.1
moodle-fi-1.9.10-0.1.1
moodle-fr-1.9.10-0.1.1
moodle-ga-1.9.10-0.1.1
moodle-gl-1.9.10-0.1.1
moodle-he-1.9.10-0.1.1
moodle-hi-1.9.10-0.1.1
moodle-hr-1.9.10-0.1.1
moodle-hu-1.9.10-0.1.1
moodle-id-1.9.10-0.1.1
moodle-is-1.9.10-0.1.1
moodle-it-1.9.10-0.1.1
moodle-ja-1.9.10-0.1.1
moodle-ka-1.9.10-0.1.1
moodle-km-1.9.10-0.1.1
moodle-kn-1.9.10-0.1.1
moodle-ko-1.9.10-0.1.1
moodle-lt-1.9.10-0.1.1
moodle-lv-1.9.10-0.1.1
moodle-mi_tn-1.9.10-0.1.1
moodle-ms-1.9.10-0.1.1
moodle-nl-1.9.10-0.1.1
moodle-nn-1.9.10-0.1.1
moodle-no-1.9.10-0.1.1
moodle-pl-1.9.10-0.1.1
moodle-pt-1.9.10-0.1.1
moodle-ro-1.9.10-0.1.1
moodle-ru-1.9.10-0.1.1
moodle-sk-1.9.10-0.1.1
moodle-sl-1.9.10-0.1.1
moodle-so-1.9.10-0.1.1
moodle-sq-1.9.10-0.1.1
moodle-sr-1.9.10-0.1.1
moodle-sv-1.9.10-0.1.1
moodle-th-1.9.10-0.1.1
moodle-tl-1.9.10-0.1.1
moodle-tr-1.9.10-0.1.1
moodle-uk-1.9.10-0.1.1
moodle-vi-1.9.10-0.1.1
moodle-zh_cn-1.9.10-0.1.1


References:

http://support.novell.com/security/cve/CVE-2010-4207.html
http://support.novell.com/security/cve/CVE-2010-4208.html
http://support.novell.com/security/cve/CVE-2010-4209.html
https://bugzilla.novell.com/650155


< Previous Next >
This Thread
  • No further messages