  1. Moodle
  2. MDL-31938

Upgrade phpCAS library - fixing CVE-2012-1104 and CVE-2012-1105 and various problems

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.16, 2.0.7, 2.1, 2.2
    • Fix Version/s: 2.6
    • Component/s: Authentication
    • Database:
      Any
    • Testing Instructions:
      Prerequisites: You need a CAS SSO server set up.

      For the purposes of this issue, the LDAP connection parts have not changed, so it is probably sufficient to simply test the PHP-to-CAS SSO (e.g. the default CAS setup of authenticating with any credentials).

      1. Enable the CAS authentication plugin and configure it to talk to your CAS server.
      2. Ensure that users can log in correctly through CAS SSO.
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE
    • Pull Master Branch:
      MDL-31938-master

      Description

      Two security issues were discovered in phpCAS, which Moodle embeds: CVE-2012-1104 and CVE-2012-1105. See http://seclists.org/oss-sec/2012/q1/551 for more details.

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  18/Nov/13