==========================================================Ubuntu Security Notice USN-791-2              June 24, 2009
moodle vulnerability
CVE-2009-1171
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  moodle                          1.9.4.dfsg-0ubuntu1.1

After a standard system upgrade you need to access the Moodle instance
and accept the database update to clear any invalid cached data.

Details follow:

Christian Eibl discovered that the TeX filter in Moodle allowed any
function to be used.  An authenticated remote attacker could post
a specially crafted TeX formula to execute arbitrary TeX functions,
potentially reading any file accessible to the web server user, leading
to a loss of privacy.  (CVE-2009-1171, MSA-09-0009)


Updated packages for Ubuntu 9.04:

  Source archives:

          Size/MD5:    37358 a51bee20ca3560c1b390b1e12e42c5f1
          Size/MD5:     1477 a842e53d8330a56f47d09a1c19f78f11
          Size/MD5: 12969234 6263f780d52114c8d6eced8308b66aa7

  Architecture independent packages:

          Size/MD5:  9663672 12cd163fe02d67cda7f972bb5744e3e1

Ubuntu 791-2: Moodle vulnerability

June 24, 2009
Christian Eibl discovered that the TeX filter in Moodle allowed anyfunction to be used

Summary

Update Instructions

References

Severity
moodle vulnerability

Package Information

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved