| Topic: | mimeTeX vulnerabilities |
| Severity/Risk: | Major |
| Versions affected: | all |
| Reported by: | upstream - http://www.ocert.org/advisories/ocert-2009-010.html |
| Issue no.: | MDL-19832, CVE-2009-1382 |
| Solution: | upgrade to latest weekly built, stable CVS, nightly build or copy new mimetex.* executables into any older release |
| Workaround: | disable tex and algebra filters |
Description:
John Forkosh fixed several serious vulnerabilities in mimeTeX binary which is used in Moodle by TeX and Algebra filter. This was rated as "critical" upstream, however the risk is slightly less on Moodle because this filter can be disabled (and is disabled by default). In addition, the vulnerability is only exposed to valid users who have logged in to Moodle.