DSA-2206-1 mahara -- several vulnerabilities

Related Vulnerabilities: CVE-2011-0439, CVE-2011-0440

Debian Security Advisory

Date Reported: 29 Mar 2011
Affected Packages: mahara
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2011-0439, CVE-2011-0440.
More information:

Two security vulnerabilities have been discovered in Mahara, a fully featured electronic portfolio, weblog, resume builder and social networking system:

  • CVE-2011-0439

    A security review commissioned by a Mahara user discovered that Mahara processes unsanitized input, which can lead to cross-site scripting (XSS).

  • CVE-2011-0440

    Mahara developers discovered that Mahara doesn't check the session key under certain circumstances, which can be exploited for cross-site request forgery (CSRF) and can lead to the deletion of blogs.

For the old stable distribution (lenny) these problems have been fixed in version 1.0.4-4+lenny8.

For the stable distribution (squeeze) these problems have been fixed in version 1.2.6-2+squeeze1.

For the unstable distribution (sid) these problems have been fixed in version 1.2.7.

We recommend that you upgrade your mahara package.