Debian: Security update for Mahara

Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder. Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting. Richard Mansfield discovered that insufficient upload restrictions allowed denial of service. Richard Mansfield discovered that the management of institutions was prone to cross-site request forgery. Andrew Nichols discovered a privilege escalation vulnerability in MNet handling. Updated packages are available from security.debian.org.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2334-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 04, 2011                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mahara
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2771 CVE-2011-2772 CVE-2011-2773 

Several vulnerabilities were discovered in Mahara, an electronic 
portfolio, weblog, and resume builder:

CVE-2011-2771

  Teemu Vesala discovered that missing input sanitising of RSS
  feeds could lead to cross-site scripting.

CVE-2011-2772

  Richard Mansfield discovered that insufficient upload restrictions
  allowed denial of service.

CVE-2011-2773

  Richard Mansfield discovered that the management of institutions was
  prone to cross-site request forgery.

(no CVE ID available yet)

  Andrew Nichols discovered a privilege escalation vulnerability
  in MNet handling.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.4-4+lenny11.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.6-2+squeeze3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.1-1.

We recommend that you upgrade your mahara packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk60JbcACgkQXm3vHE4uylqocwCgkWMz4J7ZDTxntTrLf0iYmfAZ
wGUAoLG1TDXaqNB+YgJcTuYqKpkTD8y5
=4JlU
-----END PGP SIGNATURE-----