USN-658-1: Moodle vulnerability

23 October 2008

moodle vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.04 LTS
  • Ubuntu 7.10

Software Description

  • moodle

Details

Lukasz Pilorz discovered that the HTML filtering used in Moodle was not strict enough. A remote attacker could send malicious requests to Moodle and execute arbitrary code as the web server user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04 LTS
moodle - 1.8.2-1ubuntu4.1
Ubuntu 7.10
moodle - 1.8.2-1ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References