The remote host is missing an update to moodle announced via advisory FEDORA-2009-3280.
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update moodle' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.

https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3280
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities.

Update Information:

CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a $$ sequence, which causes LaTeX to include the contents of the file.

Upstream bug and CVS commit:
http://tracker.moodle.org/browse/MDL-18552
http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=126.96.36.199&r2=188.8.131.52

Upstream further reported that the above patch is not sufficient and that the following change should be used instead:

For >=1.9.0:
http://git.catalyst.net.nz/gw?p=moodle-r2.git a=commitdiff h=b950f126018a9e16a298d278375a0eedf791e5dd

For 1.6.* - 1.8.*:
http://git.catalyst.net.nz/gw?p=moodle-r2.git a=commitdiff h=cc9bf1486e7ea9e8cda1e4522b96e07245459a0d

ChangeLog:

* Wed Apr 1 2009 Jon Ciesla - 1.9.4-6
- Patch for CVE-2009-1171, BZ 493109.
* Tue Mar 24 2009 Jon Ciesla - 1.9.4-5
- Update for freefont->gnu-free-fonts change.
CVE: CVE-2008-4796, CVE-2008-5153, CVE-2009-0499, CVE-2009-1171
CVSS Base Score: 10.0