Security Announcements

 
 
Picture of Petr Škoda
MSA-08-0011: Potential webroot disclosures warning
 
Topic: Potential webroot disclosures warning
Severity: Minor
Versions affected: all version
Reported by: Richard Brain of ProCheckUp Ltd. (www.procheckup.com)
Issue no.: MDL-15413
Solution: make sure display_errors is disabled in PHP configuration; 1.8.6 and 1.9.2 contains new warning for administrators

Description:

ProCheckup discovered that several scripts display errors if display_errors enabled in PHP configuration. This problem will be fully fixed in later Moodle versions because it requires modification of many files and review of all code from upstream, in the meantime please make sure you server is configured properly - see http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors

We would like to thank them for informing us in a responsible manner and coordinating the disclosure of security advisories.