New Moodle packages: fix several vulnerabilities

Moodle users, please be advised that new Moodle packages have been issued that fix several vulnerabilities.
To view these vulnerabilities, possible remedies, and other advisories, please check the Security Advisories at Critical Watch (

DSA-2115-1: New moodle packages fix several vulnerabilities

Several remote vulnerabilities have been discovered in Moodle, a course management system. The Common Vulnerabilities and Exposures project identifies the following problems:


Moodle does not enable the “Regenerate session id during login” setting by default, which makes it easier for remote attackers to conduct session fixation attacks.


Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine.