openSUSE 10 Security Update : moodle (moodle-3959)
High Nessus Plugin ID 27351
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes the following issues :
- possible remote file inclusion (CVE-2007-1429)
- XSS injection in SCORM 1.2 reports
- Fixed XSS in login block
Additionally changes :
- Fixed visibility of site blogs
- moodle-config.php is now located in /etc/moodle/
- added safe_mode and session.save_handler as php options
SolutionUpdate the affected moodle packages.