Moodle / MDL-31938

Upgrade phpCAS library - fixing CVE-2012-1104 and CVE-2012-1105 and various problems

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.16, 2.0.7, 2.1, 2.2
    • Fix Version/s: 2.6
    • Component/s: Authentication
    • Database:
      Any
    • Testing Instructions:

      Prerequisites: You need a CAS SSO server set up.

      For the purposes of this issue, the LDAP connection parts have not changed, so it is probably sufficient to simply test the PHP to CAS SSO (e.g. the default CAS setup of authenticating with any credentials).

      1. Enable the CAS authentication plugin and configure it to talk to your CAS server.
      2. Ensure that users can log in correctly through CAS SSO.
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE
    • Pull Master Branch:
      MDL-31938-master

      Description

      Two security issues were discovered in the phpCAS library that Moodle embeds: CVE-2012-1104 and CVE-2012-1105. See http://seclists.org/oss-sec/2012/q1/551 for more details.

      Dates

      • Fix Release Date: 18/Nov/13