drupal-6.24-1.AXS3
エラータID: AXSA:2012-98:01
Release date:
Tuesday, February 7, 2012 - 14:05
Subject:
drupal-6.24-1.AXS3
Affected Channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a website. Tens of thousands of people and organizations have used Drupal to power scores of different web sites, including:
* Community web portals
* Discussion sites
* Corporate web sites
* Intranet applications
* Personal web sites or blogs
* Aficionado sites
* E-commerce applications
* Resource directories
* Social Networking sites
Security issues fixed with this release:
CVE-2012-0825
CVE-2012-0826
No description available at the time of writing, please use the CVE link below.
Solution:
Update packages.
CVEs:
CVE-2012-0825
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
CVE-2012-0826
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.
Additional Info:
N/A
Download:
SRPMS
- drupal-6.24-1.AXS3.src.rpm
MD5: bcd66ba8e3875ab16bc2b0fb84a722ac
SHA-256: fe89fbd5721ca6873c34e7fc4f10f046bc2e32176c3380b5d91ecfca62baaeb3
Size: 1.90 MB
Asianux Server 3 for x86
- drupal-6.24-1.AXS3.noarch.rpm
MD5: ffcfa8af6c1c6f34a6a11964b0625468
SHA-256: 5367945438aaf6d609f32df98ec3a4ae25dd4d72f78c10b3f5e93f9e6ca62e8a
Size: 1.91 MB
Asianux Server 3 for x86_64
- drupal-6.24-1.AXS3.noarch.rpm
MD5: d7d35b3bb66cd54927a92d62d01cbea6
SHA-256: f15e8bb3b328f5e05315fc13f751e1034fb5c524408a55fb755d8000d2426933
Size: 1.91 MB
日本語