USN-658-1: Moodle vulnerability

23 October 2008

Moodle vulnerability

Releases

Ubuntu 8.04
Ubuntu 7.10

Packages

moodle -

Details

Lukasz Pilorz discovered that the HTML filtering used in Moodle was not
strict enough. A remote attacker could send malicious requests to Moodle
and execute arbitrary code as the web server user.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04

moodle - 1.8.2-1ubuntu4.1

Ubuntu 7.10

moodle - 1.8.2-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

CVE-2008-1502

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM