drupal-6.27-1.AXS3

エラータID: AXSA:2012-1054:02

Release date: 
Monday, December 31, 2012 - 21:53
Subject: 
drupal-6.27-1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a website. Tens of thousands of people and organizations have used Drupal to power scores of different web sites, including

• Community web portals
• Discussion sites
• Corporate web sites
• Intranet applications
• Personal web sites or blogs
• Aficionado sites
• E-commerce applications
• Resource directories
• Social Networking sites

Security issues fixed with this release:

• CVE-2012-5651
• CVE-2012-5652
• CVE-2012-5653
No description available at the time of writing, please refer to the CVE links below.

Solution: 

Update packages.

CVEs: 
CVE-2012-5651
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
CVE-2012-5652
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
CVE-2012-5653
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.




Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. drupal-6.27-1.AXS3.noarch.rpm
    MD5: 150db6e40da9ab124a53ba6bebc27c58
    SHA-256: 0754c74dafa66e99de7a575b162149970caff30bb98e679bc9712ac452090d07
    Size: 1.91 MB

Asianux Server 3 for x86_64
  1. drupal-6.27-1.AXS3.noarch.rpm
    MD5: 258bbccd1dbce60b36163d2a2b0f4055
    SHA-256: ca16351460f0ae4fdfa89b12e1bf4c6fc6ec79167ce4b4a3fc34eb911c189d24
    Size: 1.91 MB