Debian: Security update for Mahara

Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder. Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting. Richard Mansfield discovered that insufficient upload restrictions allowed denial of service. Richard Mansfield discovered that the management of institutions was prone to cross-site request forgery. Andrew Nichols discovered a privilege escalation vulnerability in MNet handling. Updated packages are available from security.debian.org.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2334-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 04, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mahara
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2771 CVE-2011-2772 CVE-2011-2773 

Several vulnerabilities were discovered in Mahara, an electronic 
portfolio, weblog, and resume builder:

CVE-2011-2771

  Teemu Vesala discovered that missing input sanitising of RSS
  feeds could lead to cross-site scripting.

CVE-2011-2772

  Richard Mansfield discovered that insufficient upload restrictions
  allowed denial of service.

CVE-2011-2773

  Richard Mansfield discovered that the management of institutions
  was prone to cross-site request forgery.

(no CVE ID available yet)

  Andrew Nichols discovered a privilege escalation vulnerability
  in MNet handling.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.4-4+lenny11.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.6-2+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.1-1.

We recommend that you upgrade your mahara packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk60JbcACgkQXm3vHE4uylqocwCgkWMz4J7ZDTxntTrLf0iYmfAZ
wGUAoLG1TDXaqNB+YgJcTuYqKpkTD8y5
=4JlU
-----END PGP SIGNATURE-----