Hi Moodle Admins,
A serious problem with the TeX and algebra filters (used for mathematics
notation in Moodle) has been found which could allow attackers to access server
files.
If you don't use TeX and algebra notation in your site then you should:
A) Simple disable the TeX and algebra filters completely for now:
Admin>Modules>Filters>Manage Filters
Otherwise you should:
B) Update your Moodle site to the latest weekly version from this week, or
C) Copy the latest files from filter/tex/* into your current install.
The full copy of the security notice MSA-09-0009 is shown below - this will be
added to http://moodle.org/security to inform the wider Moodle community
sometime next week.
Topic: TeX filter file disclosure
Severity: Critical
Versions affected:<1.9.5,<1.8.9, 1.7.x, 1.6.x
Reported by: Christian Eibl
Issue no.: MDL-18552
Name: CVE-2009-1171
Solution: update to latest weeklies or copy latest filter/tex/*.* into your
current install
Workaround: disable or delete TeX and Algebra filters completely
Description:
Christian Eibl reported and helped fix a serious TeX filter problem.
Unfortunately the details were released before we had chance to inform
administrators of registered Moodle sites. Please update your servers
immediately or disable the TeX and Algebra filters until you are able to
update.
Disclosure link:
http://packetstormsecurity.org/0903-exploits/moodle-disclose.txt
quinta-feira, 2 de abril de 2009
Assinar:
Postar comentários (Atom)
Labels
- Análise (26)
- Bovespa (56)
- BravoVirtual (5)
- Campanha: compre seu carro e não utilize o transporte público (1)
- Dica Fria (4)
- Dica Quente (58)
- Dionísio (2)
- Dividendos e JCP (7)
- educação (3)
- Em São Paulo (49)
- Ensino à Distância (8)
- Gestão (14)
- Google Apps (2)
- hedge (1)
- marta faz bem feito (2)
- modelos (1)
- Moodle (8)
- Mundo dos Vinhos (3)
- receitas (10)
- Reflexão (12)
- risotos (2)
- Tecnolgia (9)
- Viver melhor (24)
Siga @bravovirtual
0 comentários:
Postar um comentário