MSA-18-0015: Web service core_course_get_categories may return invisible categories

by Michael Hawkins. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories. Note that this only affects cases where a user has the capability to manage categories but does not also have permission to view hidden categories.
Severity/Risk: Minor
Versions affected: 3.5, 3.4 to 3.4.3, 3.3 to 3.3.6, 3.2 to 3.2.9, 3.1 to 3.1.12 and earlier unsupported versions
Versions fixed: 3.5.1, 3.4.4, 3.3.7, 3.1.13
Reported by: Marina
More info: https://moodle.org/mod/forum/discuss.php?d=373370&parent=1505293
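
The flaw class here is a capability confusion: a filter that treats "may manage categories" as if it implied "may view hidden categories". The example below is added for this digest and is not Moodle's code; the capability strings are the ones Moodle's role system uses, but the category objects, the sample catalogue and the two filter functions are constructed for illustration. The flawed filter leaks hidden categories to a manager who lacks the view-hidden capability; the corrected one keys visibility on that capability alone.

```python
from dataclasses import dataclass

# Capability names as used by Moodle's role system. The filtering logic below
# is this example's own and is not the project's implementation.
CAP_MANAGE = "moodle/category:manage"
CAP_VIEW_HIDDEN = "moodle/category:viewhidden"


@dataclass(frozen=True)
class Category:
    id: int
    name: str
    visible: bool


@dataclass(frozen=True)
class User:
    username: str
    capabilities: frozenset


# Constructed sample catalogue: two categories are hidden from ordinary users.
CATEGORIES = (
    Category(1, "Public courses", True),
    Category(2, "Draft 2019 curriculum", False),
    Category(3, "Archived", False),
)


def get_categories_flawed(user, categories=CATEGORIES):
    """Flawed filter: lets the manage capability stand in for view-hidden."""
    if CAP_MANAGE in user.capabilities:
        return list(categories)
    return [c for c in categories if c.visible]


def get_categories_fixed(user, categories=CATEGORIES):
    """Corrected filter: only the explicit view-hidden capability reveals hidden rows."""
    can_view_hidden = CAP_VIEW_HIDDEN in user.capabilities
    return [c for c in categories if c.visible or can_view_hidden]


def leaked_hidden_ids(user, fetch):
    """IDs of hidden categories that `fetch` returned to `user`; empty means no leak."""
    return sorted(c.id for c in fetch(user) if not c.visible)


if __name__ == "__main__":
    manager = User("manager", frozenset({CAP_MANAGE}))
    print("flawed:", leaked_hidden_ids(manager, get_categories_flawed))
    print("fixed: ", leaked_hidden_ids(manager, get_categories_fixed))
```

The useful regression check is the one encoded in `leaked_hidden_ids`: build a user who holds the manage capability and nothing else, call the service, and assert that no category with `visible == False` comes back.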

DSA-4245 imagemagick – security update

This update fixes several vulnerabilities in ImageMagick, a graphical software suite. Various memory handling problems or incomplete input sanitising could result in denial of service or the execution of arbitrary code. More info: https://www.debian.org/security/2018/dsa-4245

MSA-18-0016: Quiz question bank import preview could execute JavaScript

by Michael Hawkins. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript written into the question bank.
Severity/Risk: Minor
Versions affected: 3.5, 3.4 to 3.4.3, 3.3 to 3.3.6, 3.2 to 3.2.9, 3.1 to 3.1.12 and earlier unsupported versions
Versions fixed: 3.5.1, 3.4.4, 3.3.7, 3.1.13
Reported by: Les Bell
CVE identifier: CVE-2018-10891
More info: https://moodle.org/mod/forum/discuss.php?d=373371&parent=1505294

DSA-4246 mailman – security update

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious list owner to inject scripts into the listinfo page, due to unvalidated input in the host_name field. More info: https://www.debian.org/security/2018/dsa-4246
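
Both MSA-18-0016 (question bank preview) and DSA-4246 (mailman host_name on the listinfo page) are the same pattern: text supplied by a privileged-but-untrusted user is rendered into HTML without escaping for the context it lands in. The example below is added for this digest and is not code from Moodle or mailman; the page fragments, field names and the two malicious inputs are constructed for illustration. It renders each field the vulnerable way and the hardened way, and uses a small parser to confirm that the hardened output contains no active script content, including the attribute context where a stray quote would otherwise break out of an `href`.

```python
import html
from html.parser import HTMLParser

# Constructed malicious inputs standing in for an attacker-controlled
# host_name (list owner) and an imported question's text.
MALICIOUS_HOST_NAME = 'lists.example.org"><script>alert(1)</script>'
MALICIOUS_QUESTION = '<img src=x onerror="alert(document.cookie)">'


def render_listinfo_unsafe(host_name, list_name):
    """Vulnerable: host_name is interpolated into text and attribute contexts as-is."""
    return (f"<h1>{list_name}@{host_name}</h1>"
            f'<a href="http://{host_name}/listinfo">Info</a>')


def render_listinfo_safe(host_name, list_name):
    """Hardened: HTML-escape for the output context; quote=True also escapes quotes,
    which is what keeps the value from breaking out of the href attribute."""
    h = html.escape(host_name, quote=True)
    n = html.escape(list_name, quote=True)
    return (f"<h1>{n}@{h}</h1>"
            f'<a href="http://{h}/listinfo">Info</a>')


def render_preview_unsafe(question_text):
    """Vulnerable preview: imported markup is shown verbatim."""
    return f'<div class="preview">{question_text}</div>'


def render_preview_safe(question_text):
    """Hardened preview: the question text is escaped, so tags render as literal text."""
    return f'<div class="preview">{html.escape(question_text, quote=True)}</div>'


class _ActiveContent(HTMLParser):
    """Collects element names and on* event-handler attributes seen by the parser."""

    def __init__(self):
        super().__init__()
        self.tags = set()
        self.handlers = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)
        self.handlers.update(k for k, _ in attrs if k.startswith("on"))


ALLOWED_TAGS = {"h1", "a", "div"}


def is_inert(rendered):
    """True when the rendered fragment contains only the expected elements and
    no inline event handlers; escaped markup shows up as text, not tags."""
    p = _ActiveContent()
    p.feed(rendered)
    return p.tags <= ALLOWED_TAGS and not p.handlers


if __name__ == "__main__":
    for label, out in (
        ("listinfo unsafe", render_listinfo_unsafe(MALICIOUS_HOST_NAME, "announce")),
        ("listinfo safe", render_listinfo_safe(MALICIOUS_HOST_NAME, "announce")),
        ("preview unsafe", render_preview_unsafe(MALICIOUS_QUESTION)),
        ("preview safe", render_preview_safe(MALICIOUS_QUESTION)),
    ):
        print(f"{label:15} inert={is_inert(out)}  {out}")
```

The `is_inert` check is deliberately an allowlist of element names rather than a search for `<script`: the image-with-`onerror` payload contains no script tag at all, and an `onerror=` substring survives escaping as harmless text, so only a parse of the final markup tells you whether anything executable reached the page.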

MSA-18-0014: Privacy data exports include log data

by Michael Hawkins. No option existed to omit logs from data privacy exports, and those logs may contain details of other users who interacted with the requester. Note that this may be a serious privacy consideration for sites processing data exports.
Severity/Risk: Minor
Versions affected: 3.5, 3.4.3, 3.3 to 3.3.6
Versions fixed: 3.5.1, 3.4.4, 3.3.7
Reported by: Ralf Hilgenstock
CVE identifier: CVE-2018-10889
More info: https://moodle.org/mod/forum/discuss.php?d=373369&parent=1505292