The remote host is missing an update to moodle announced via advisory FEDORA-2009-3280.

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update moodle' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3280

Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. Update Information: CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a $$ sequence, which causes LaTeX to include the contents of the file. Upstream bug and CVS commit: http://tracker.moodle.org/browse/MDL-18552 http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5 Upstream further reported that the above patch is not sufficient and following change should be used instead: For >=1.9.0: http://git.catalyst.net.nz/gw?p=moodle-r2.git a=commitdiff h=b950f126018a9e16a298d278375a0eedf791e5dd For 1.6.* - 1.8.*: http://git.catalyst.net.nz/gw?p=moodle-r2.git a=commitdiff h=cc9bf1486e7ea9e8cda1e4522b96e07245459a0d ChangeLog: * Wed Apr 1 2009 Jon Ciesla - 1.9.4-6 - Patch for CVE-2009-1171, BZ 493109. * Tue Mar 24 2009 Jon Ciesla - 1.9.4-5 - Update for freefont->gnu-free-fonts change.

• http://www.securityfocus.com/archive/1/archive/1/502231/100/0/threaded
• http://www.securityfocus.com/bid/34278
• https://bugzilla.redhat.com/show_bug.cgi?id=493109

---

Updated on 2017-03-28