   openSUSE Security Update: moodle: security update
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2010:0937-1
Rating:             moderate
References:         #650155
Cross-References:   CVE-2010-4207 CVE-2010-4208 CVE-2010-4209
Affected Products:  openSUSE 11.1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.
   It includes one version update.

Description:

   This update of moodle fixes:

   - CVE-2010-4207: CVSS v2 Base Score: 4.3 (MEDIUM)
     (AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79)
     Cross-site scripting vulnerability in the Flash component
     infrastructure in YUI allows remote attackers to inject arbitrary
     web script or HTML via charts/assets/charts.swf.

   - CVE-2010-4208: CVSS v2 Base Score: 4.3 (MEDIUM)
     (AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79)
     Cross-site scripting vulnerability in the Flash component
     infrastructure in YUI allows remote attackers to inject arbitrary
     web script or HTML via uploader/assets/uploader.swf.

   - CVE-2010-4209: CVSS v2 Base Score: 4.3 (MEDIUM)
     (AV:N/AC:M/Au:N/C:N/I:P/A:N): Cross-Site Scripting (XSS) (CWE-79)
     Cross-site scripting vulnerability in the Flash component
     infrastructure in YUI allows remote attackers to inject arbitrary
     web script or HTML via swfstore/swfstore.swf.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.1:

      zypper in -t patch moodle-3506

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.1 (noarch) [New Version: 1.9.10]:

      moodle-1.9.10-0.1.1
      moodle-af-1.9.10-0.1.1
      moodle-ar-1.9.10-0.1.1
      moodle-be-1.9.10-0.1.1
      moodle-bg-1.9.10-0.1.1
      moodle-bs-1.9.10-0.1.1
      moodle-ca-1.9.10-0.1.1
      moodle-cs-1.9.10-0.1.1
      moodle-da-1.9.10-0.1.1
      moodle-de-1.9.10-0.1.1
      moodle-de_du-1.9.10-0.1.1
      moodle-el-1.9.10-0.1.1
      moodle-es-1.9.10-0.1.1
      moodle-et-1.9.10-0.1.1
      moodle-eu-1.9.10-0.1.1
      moodle-fa-1.9.10-0.1.1
      moodle-fi-1.9.10-0.1.1
      moodle-fr-1.9.10-0.1.1
      moodle-ga-1.9.10-0.1.1
      moodle-gl-1.9.10-0.1.1
      moodle-he-1.9.10-0.1.1
      moodle-hi-1.9.10-0.1.1
      moodle-hr-1.9.10-0.1.1
      moodle-hu-1.9.10-0.1.1
      moodle-id-1.9.10-0.1.1
      moodle-is-1.9.10-0.1.1
      moodle-it-1.9.10-0.1.1
      moodle-ja-1.9.10-0.1.1
      moodle-ka-1.9.10-0.1.1
      moodle-km-1.9.10-0.1.1
      moodle-kn-1.9.10-0.1.1
      moodle-ko-1.9.10-0.1.1
      moodle-lt-1.9.10-0.1.1
      moodle-lv-1.9.10-0.1.1
      moodle-mi_tn-1.9.10-0.1.1
      moodle-ms-1.9.10-0.1.1
      moodle-nl-1.9.10-0.1.1
      moodle-nn-1.9.10-0.1.1
      moodle-no-1.9.10-0.1.1
      moodle-pl-1.9.10-0.1.1
      moodle-pt-1.9.10-0.1.1
      moodle-ro-1.9.10-0.1.1
      moodle-ru-1.9.10-0.1.1
      moodle-sk-1.9.10-0.1.1
      moodle-sl-1.9.10-0.1.1
      moodle-so-1.9.10-0.1.1
      moodle-sq-1.9.10-0.1.1
      moodle-sr-1.9.10-0.1.1
      moodle-sv-1.9.10-0.1.1
      moodle-th-1.9.10-0.1.1
      moodle-tl-1.9.10-0.1.1
      moodle-tr-1.9.10-0.1.1
      moodle-uk-1.9.10-0.1.1
      moodle-vi-1.9.10-0.1.1
      moodle-zh_cn-1.9.10-0.1.1

References:

   http://support.novell.com/security/cve/CVE-2010-4207.html
   http://support.novell.com/security/cve/CVE-2010-4208.html
   http://support.novell.com/security/cve/CVE-2010-4209.html
   https://bugzilla.novell.com/650155