New Moodle packages: fix several vulnerabilities

Users of Moodle please be advised of a New moodle packages fix several vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

DSA-2115-1: [DSA-2115-1] New moodle packages fix several vulnerabilities
Several remote vulnerabilities have been discovered in Moodle, a

course management system. The Common Vulnerabilities and Exposures

project identifies the following problems:

CVE-2010-1613

Moodle does not enable the “Regenerate session id during

login” setting by default, which makes it easier for remote

attackers to conduct session fixation attacks.

CVE-2010-1614

Multiple cross-site scripting (XSS) vulnerabilities allow

remote attackers to inject arbitrary web script or HTML via

vectors related to (1) the Login-As feature or (2) when the

global search feature is enabled, unspecified global search

forms in the Global Search Engine.
Read more at http://www.criticalwatch.com