Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31938

Upgrade phpCAS library - fixing CVE-2012-1104 and CVE-2012-1105 and various problems

XMLWordPrintable

    • Any
    • MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • MOODLE_26_STABLE
    • MDL-31938-master
    • Hide

      Prerequisites: You need a CAS SSO server setup.

      For the purposes of this issue, the ldap connection parts have not changed, so it is probably sufficient to simply test the php to CAS SSO. (e.g. the default CAS setup of authenticating with any credentials).

      1. Enable the CAS authentication plugin and configure it to talk to your CAS server.
      2. Ensure that users can login correctly through CAS SSO.
      Show
      Prerequisites: You need a CAS SSO server setup. For the purposes of this issue, the ldap connection parts have not changed, so it is probably sufficient to simply test the php to CAS SSO. (e.g. the default CAS setup of authenticating with any credentials). Enable the CAS authentication plugin and configure it to talk to your CAS server. Ensure that users can login correctly through CAS SSO.

      Two security issues were discovered in phpCAS that Moodle embeds: CVE-2012-1104 and CVE-2012-1105. See http://seclists.org/oss-sec/2012/q1/551 for more details.

            iarenaza Iñaki Arenaza
            tmuras Tomasz Muras
            Dan Poltawski Dan Poltawski
            Marina Glancy Marina Glancy
            Damyon Wiese Damyon Wiese
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.