Security announcements

MSA-09-0030: New detection of insecure flash player plugins

 
Picture of Helen Foster
MSA-09-0030: New detection of insecure flash player plugins
 
Topic: New detection of insecure flash player plugins
Severity/Risk: Major
Versions affected: <1.9.7
Reported by: internal code review
Issue no.: MDL-20841
Solution: upgrade to 1.9.7
Workaround: none


Description:
Older Flash versions that do not respect the download http header may be used to gain unauthorised access. Moodle is now able to detect obsolete and vulnerable Flash plugin versions. Moodle will actually refuse to send uploaded files to older Flash plugins and will instead send an alternative Flash file that asks users to upgrade. All administrators and teachers should upgrade their computers as soon as possible.