Skip to Content
Solutions
+ Not Sure? Try our solution finder
Data Center

Enterprise Linux Servers

Virtualization & Workload Management

Business Service Management

Identity & Security

Compliance Management

Identity & Access Management

Security Management

End-User Computing

Collaboration

Endpoint Management
Novell OEM Solutions

SUSE Appliance Program

Pre-loaded Linux Desktop

Cloud Security

Markets

Cloud Computing

Intelligent Workload Management
Products
Products By Category

Data Center

Business Experience Manager

Business Service Level Manager

Business Service Manager

CMDB360

myCMDB

myMO Dashboards

PlateSpin Forge

PlateSpin Migrate

PlateSpin Orchestrate

PlateSpin Protect

PlateSpin Recon

SUSE Linux Enterprise High Availability Extension

SUSE Linux Enterprise Mono Extension

SUSE Linux Enterprise Point of Service

SUSE Linux Enterprise Real Time

SUSE Linux Enterprise Server

SUSE Linux Enterprise Server for System z

SUSE Linux Enterprise Server Priority Support for SAP Applications

SUSE Linux Enterprise Server with Expanded Support

ZENworks Linux Management

End-User Computing

GroupWise

File Management Suite

Open Enterprise Server

OpenOffice.org Novell Edition

Open Workgroup Suite

Open Workgroup Suite Small Business Edition

Pulse

Teaming

ZENworks Application Virtualization

ZENworks Asset Management

ZENworks Configuration Management

ZENworks Endpoint Security Management

ZENworks Linux Management

ZENworks Network Access Control

ZENworks Patch Management

Identity & Security

Access Governance Suite

Access Manager

Cloud Security Service

Compliance Management Platform

Identity Manager

Privileged User Manager

SecureLogin

Sentinel

Sentinel Log Manager

Sentinel Rapid Deployment

Storage Manager

Novell OEM Products

SUSE Appliance Toolkit

SUSE Linux Enterprise Desktop

SUSE Linux Enterprise JeOS

SUSE Linux Enterprise Thin Client

SUSE Moblin

SUSE Studio
A-Z

A

Access Governance Suite

Access Manager

AppArmor

B

BorderManager

Business Continuity Clustering

Business Experience Manager

Business Service Manager

Business Service Level Manager

C

Client for Linux

Client for Windows XP/2000

Cloud Security Service

Cluster Services for Open Enterprise Server

CMDB360

Compliance Management Platform

ConsoleOne

E

eDirectory

Evolution

F

File Management Suite

G

GroupWise 8

GroupWise Gateways

I

Identity Assurance Solution

Identity Audit

Identity Manager

Identity Manager Integration Modules

iFolder 2.1

iManager

J

JBoss Enterprise Middleware

M

Modular Authentication Service (NMAS)

Mono Tools for Visual Studio

myCMDB

myMO Dashboard

N

NFS Gateway for NetWare 6.5

NICI Encryption Modules

O

OpenOffice.org Novell Edition for Windows

openSUSE 11.1

Open Enterprise Server 2

Open Workgroup Suite

Open Workgroup Suite Small Business Edition

P

PlateSpin Forge

PlateSpin Migrate

PlateSpin Orchestrate

PlateSpin Protect

PlateSpin Recon

Privileged User Manager

Novell Pulse

S

SecureLogin

Sentinel

Sentinel Log Manager

Storage Manager

SUSE Appliance Program

SUSE Appliance Toolkit

SUSE Linux Enterprise Consolidation Suite for System z

SUSE Linux Enterprise Desktop

SUSE Linux Enterprise High Availability Extension

SUSE Linux Enterprise JeOS

SUSE Linux Enterprise Mono Extension

SUSE Linux Enterprise Point of Service

SUSE Linux Enterprise Real Time

SUSE Linux Enterprise Server

SUSE Linux Enterprise Server Priority Support for SAP Applications

SUSE Linux Enterprise Server for
System z

SUSE Linux Enterprise Server with Expanded Support

SUSE Linux Enterprise Thin Client

SUSE Linux Enterprise Virtual Machine Driver Pack

SUSE Moblin

SUSE Studio

T

Teaming

Z

ZENworks Application Virtualization

ZENworks Asset Management

ZENworks Configuration Management

ZENworks Endpoint Security Management

ZENworks Handheld Management

ZENworks Linux Management

ZENworks Network Access Control

ZENworks Patch Management
Services & Support
+ Novell Services Overview
Self Support

Knowledgebase

Novell Support Advisor

Discussion Forums

Documentation

Support by Product

Activate My Product

Technical Subscriptions

Support Programs

Support from Partner

Entitlement & Access

Open Service Request

Novell Support Programs

Product Support Lifecycle

Chat with Us (Non-technical Questions)
Technical Training

Look Up & Locate Training

Certification and Testing

Advanced Technical Training

Custom On-site Training

Free Training

On-demand Training

Online Training

Technical Skills Assessments

Training Partners

Contribute

Participate in Beta

Report Bug

Share a Tip, Trick, etc.

Request Enhancement

Report Software Vulnerability
Download

Patches

Products

Drivers

Beta

Cool Tools

Customer Center

My Profile

My Products

My Support

My Training

Open Service Request
IT Consulting

Why Consulting

Consulting Offerings

Delivery Excellence Reviews

Fast Tracks

NetWare to Open Enterprise Server

Novell Teaming

ZENworks Migration Assurance

PlateSpin Forge
Partners & Communities
+ Novell Partners & Communities Overview
Partner With Novell

Solution Provider & System Integrator

Hardware Vendor

Software Vendor

Training Provider

PartnerNet

PartnerNet Login

PartnerNet Community

Enablement Central

Find a Partner

Partner Locator

SUSE Linux Enterprise ISV Catalog

Certified Partner Products

Alliance Partners
User Communities

Cool Solutions

Novell Users International (NUI)

Novell Forums

Developers

Developer Library

YES Certified Program

Project Hosting

Developer Community
About Novell
+ About Novell
General Novell

Contact Us

Our Customers

Job Search

Latest Job Postings

Connection Magazine

Events

Media Gallery

Corporate Blogs

Industry Analysts

Press

Press Releases

Media Resources

News Blog

Subscribe
Investor Relations

Annual Meeting

Corporate Governance

Corporate Information

Financial Results

Investor Presentations & Events

SEC Filings
Stock Price
How to Buy
+ How to Buy Overview
Request a Sales Call

Find a Partner

shopNovell

Shop for Training

Volume Licensing & Buying Programs

Novell Merchandise

CVE-2009-1171

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-1171 at MITRE

Description

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

Novell Bugzilla entry: 490087

SUSE Security Advisories:

SUSE-SR:2009:009 , published Tue, 21 Apr 2009 15:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`moodle >= 1.8.2-17.14` `moodle-af >= 1.8.2-17.14` `moodle-ar >= 1.8.2-17.14` `moodle-be >= 1.8.2-17.14` `moodle-bg >= 1.8.2-17.14` `moodle-bs >= 1.8.2-17.14` `moodle-ca >= 1.8.2-17.14` `moodle-cs >= 1.8.2-17.14` `moodle-da >= 1.8.2-17.14` `moodle-de >= 1.8.2-17.14` `moodle-de_du >= 1.8.2-17.14` `moodle-el >= 1.8.2-17.14` `moodle-es >= 1.8.2-17.14` `moodle-et >= 1.8.2-17.14` `moodle-eu >= 1.8.2-17.14` `moodle-fa >= 1.8.2-17.14` `moodle-fi >= 1.8.2-17.14` `moodle-fr >= 1.8.2-17.14` `moodle-ga >= 1.8.2-17.14` `moodle-gl >= 1.8.2-17.14` `moodle-he >= 1.8.2-17.14` `moodle-hi >= 1.8.2-17.14` `moodle-hr >= 1.8.2-17.14` `moodle-hu >= 1.8.2-17.14` `moodle-id >= 1.8.2-17.14` `moodle-is >= 1.8.2-17.14` `moodle-it >= 1.8.2-17.14` `moodle-ja >= 1.8.2-17.14` `moodle-ka >= 1.8.2-17.14` `moodle-km >= 1.8.2-17.14` `moodle-kn >= 1.8.2-17.14` `moodle-ko >= 1.8.2-17.14` `moodle-lt >= 1.8.2-17.14` `moodle-lv >= 1.8.2-17.14` `moodle-mi_tn >= 1.8.2-17.14` `moodle-ms >= 1.8.2-17.14` `moodle-nl >= 1.8.2-17.14` `moodle-nn >= 1.8.2-17.14` `moodle-no >= 1.8.2-17.14` `moodle-pl >= 1.8.2-17.14` `moodle-pt >= 1.8.2-17.14` `moodle-ro >= 1.8.2-17.14` `moodle-ru >= 1.8.2-17.14` `moodle-sk >= 1.8.2-17.14` `moodle-sl >= 1.8.2-17.14` `moodle-so >= 1.8.2-17.14` `moodle-sq >= 1.8.2-17.14` `moodle-sr >= 1.8.2-17.14` `moodle-sv >= 1.8.2-17.14` `moodle-th >= 1.8.2-17.14` `moodle-tl >= 1.8.2-17.14` `moodle-tr >= 1.8.2-17.14` `moodle-uk >= 1.8.2-17.14` `moodle-vi >= 1.8.2-17.14` `moodle-zh_cn >= 1.8.2-17.14`	ZYPP Patch Nr: 6198 SAT Patch Nr: 803
openSUSE 11.0	`moodle-debuginfo >= 1.9.0-24.8`	ZYPP Patch Nr: 6198 SAT Patch Nr: 803
openSUSE 11.0	`moodle >= 1.9.0-24.8` `moodle-af >= 1.9.0-24.8` `moodle-ar >= 1.9.0-24.8` `moodle-be >= 1.9.0-24.8` `moodle-bg >= 1.9.0-24.8` `moodle-bs >= 1.9.0-24.8` `moodle-ca >= 1.9.0-24.8` `moodle-cs >= 1.9.0-24.8` `moodle-da >= 1.9.0-24.8` `moodle-de >= 1.9.0-24.8` `moodle-de_du >= 1.9.0-24.8` `moodle-el >= 1.9.0-24.8` `moodle-es >= 1.9.0-24.8` `moodle-et >= 1.9.0-24.8` `moodle-eu >= 1.9.0-24.8` `moodle-fa >= 1.9.0-24.8` `moodle-fi >= 1.9.0-24.8` `moodle-fr >= 1.9.0-24.8` `moodle-ga >= 1.9.0-24.8` `moodle-gl >= 1.9.0-24.8` `moodle-he >= 1.9.0-24.8` `moodle-hi >= 1.9.0-24.8` `moodle-hr >= 1.9.0-24.8` `moodle-hu >= 1.9.0-24.8` `moodle-id >= 1.9.0-24.8` `moodle-is >= 1.9.0-24.8` `moodle-it >= 1.9.0-24.8` `moodle-ja >= 1.9.0-24.8` `moodle-ka >= 1.9.0-24.8` `moodle-km >= 1.9.0-24.8` `moodle-kn >= 1.9.0-24.8` `moodle-ko >= 1.9.0-24.8` `moodle-lt >= 1.9.0-24.8` `moodle-lv >= 1.9.0-24.8` `moodle-mi_tn >= 1.9.0-24.8` `moodle-ms >= 1.9.0-24.8` `moodle-nl >= 1.9.0-24.8` `moodle-nn >= 1.9.0-24.8` `moodle-no >= 1.9.0-24.8` `moodle-pl >= 1.9.0-24.8` `moodle-pt >= 1.9.0-24.8` `moodle-ro >= 1.9.0-24.8` `moodle-ru >= 1.9.0-24.8` `moodle-sk >= 1.9.0-24.8` `moodle-sl >= 1.9.0-24.8` `moodle-so >= 1.9.0-24.8` `moodle-sq >= 1.9.0-24.8` `moodle-sr >= 1.9.0-24.8` `moodle-sv >= 1.9.0-24.8` `moodle-th >= 1.9.0-24.8` `moodle-tl >= 1.9.0-24.8` `moodle-tr >= 1.9.0-24.8` `moodle-uk >= 1.9.0-24.8` `moodle-vi >= 1.9.0-24.8` `moodle-zh_cn >= 1.9.0-24.8`	ZYPP Patch Nr: 6198 SAT Patch Nr: 803
openSUSE 11.1	`moodle-debuginfo >= 1.9.3-1.12.1`	ZYPP Patch Nr: 6198 SAT Patch Nr: 803
openSUSE 11.1	`moodle >= 1.9.3-1.12.1` `moodle-af >= 1.9.3-1.12.1` `moodle-ar >= 1.9.3-1.12.1` `moodle-be >= 1.9.3-1.12.1` `moodle-bg >= 1.9.3-1.12.1` `moodle-bs >= 1.9.3-1.12.1` `moodle-ca >= 1.9.3-1.12.1` `moodle-cs >= 1.9.3-1.12.1` `moodle-da >= 1.9.3-1.12.1` `moodle-de >= 1.9.3-1.12.1` `moodle-de_du >= 1.9.3-1.12.1` `moodle-el >= 1.9.3-1.12.1` `moodle-es >= 1.9.3-1.12.1` `moodle-et >= 1.9.3-1.12.1` `moodle-eu >= 1.9.3-1.12.1` `moodle-fa >= 1.9.3-1.12.1` `moodle-fi >= 1.9.3-1.12.1` `moodle-fr >= 1.9.3-1.12.1` `moodle-ga >= 1.9.3-1.12.1` `moodle-gl >= 1.9.3-1.12.1` `moodle-he >= 1.9.3-1.12.1` `moodle-hi >= 1.9.3-1.12.1` `moodle-hr >= 1.9.3-1.12.1` `moodle-hu >= 1.9.3-1.12.1` `moodle-id >= 1.9.3-1.12.1` `moodle-is >= 1.9.3-1.12.1` `moodle-it >= 1.9.3-1.12.1` `moodle-ja >= 1.9.3-1.12.1` `moodle-ka >= 1.9.3-1.12.1` `moodle-km >= 1.9.3-1.12.1` `moodle-kn >= 1.9.3-1.12.1` `moodle-ko >= 1.9.3-1.12.1` `moodle-lt >= 1.9.3-1.12.1` `moodle-lv >= 1.9.3-1.12.1` `moodle-mi_tn >= 1.9.3-1.12.1` `moodle-ms >= 1.9.3-1.12.1` `moodle-nl >= 1.9.3-1.12.1` `moodle-nn >= 1.9.3-1.12.1` `moodle-no >= 1.9.3-1.12.1` `moodle-pl >= 1.9.3-1.12.1` `moodle-pt >= 1.9.3-1.12.1` `moodle-ro >= 1.9.3-1.12.1` `moodle-ru >= 1.9.3-1.12.1` `moodle-sk >= 1.9.3-1.12.1` `moodle-sl >= 1.9.3-1.12.1` `moodle-so >= 1.9.3-1.12.1` `moodle-sq >= 1.9.3-1.12.1` `moodle-sr >= 1.9.3-1.12.1` `moodle-sv >= 1.9.3-1.12.1` `moodle-th >= 1.9.3-1.12.1` `moodle-tl >= 1.9.3-1.12.1` `moodle-tr >= 1.9.3-1.12.1` `moodle-uk >= 1.9.3-1.12.1` `moodle-vi >= 1.9.3-1.12.1` `moodle-zh_cn >= 1.9.3-1.12.1`	ZYPP Patch Nr: 6198 SAT Patch Nr: 803

Customer Center

Novell® Making IT Work As One™

© 2010 Novell