Dear All,
We received this email today? Can anyone please assist and explain what to do ?
Regards,
------------------------------------------------------------------------------
Hi Moodle Admins,
A serious problem with the TeX and algebra filters (used for mathematics notation in Moodle) has been found which could allow attackers to access server files.
If you don't use TeX and algebra notation in your site then you should:
A) Simple disable the TeX and algebra filters completely for now:
Admin > Modules > Filters > Manage Filters
Otherwise you should:
B) Update your Moodle site to the latest weekly version from this week, or
C) Copy the latest files from filter/tex/* into your current install.
The full copy of the security notice MSA-09-0009 is shown below - this will be added to
Topic: TeX filter file disclosure
Severity: Critical
Versions affected: < 1.9.5, < 1.8.9, 1.7.x, 1.6.x Reported by: Christian Eibl Issue no.: MDL-18552
Name: CVE-2009-1171
Solution: update to latest weeklies or copy latest filter/tex/*.* into your current install
Workaround: disable or delete TeX and Algebra filters completely
Description:
Christian Eibl reported and helped fix a serious TeX filter problem.
Unfortunately the details were released before we had chance to inform administrators of registered Moodle sites. Please update your servers immediately or disable the TeX and Algebra filters until you are able to update.
Disclosure link:
------------------------------------------------------------------------------
http://moodle.org/security to inform the wider Moodle community sometime next week.http://packetstormsecurity.org/0903-exploits/moodle-disclose.txt