Debian Security Advisory DSA 2172-1 (moodle) Network Vulnerability

Summary

The remote host is missing an update to moodle announced via advisory DSA 2172-1.

Solution

For the oldstable distribution (lenny), this problem has been fixed in version 1.8.13-3. The stable distribution (squeeze) already contains a fixed version of phpCAS. The unstable distribution (sid) already contains a fixed version of phpCAS. We recommend that you upgrade your moodle packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202172-1

Insight

Several vulnerabilties have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS.

Severity

Classification

CVE CVE-2010-2795, CVE-2010-2796, CVE-2010-3690, CVE-2010-3691, CVE-2010-3692

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1143-1 (dhcp)
Debian Security Advisory DSA 1001-1 (crossfire)
Debian Security Advisory DSA 092-1 (wmtv)
Debian Security Advisory DSA 1121-1 (postgrey)
Debian Security Advisory DSA 007-1 (zope)

Take action and discover your vulnerabilities