drupal-6.28-1.AXS3
Errata ID: AXSA:2013-61:01
Release date:
Friday, February 1, 2013 - 14:43
Subject:
drupal-6.28-1.AXS3
Affected Channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a website. Tens of thousands of people and organizations have used Drupal to power scores of different web sites, including:
• Community web portals
• Discussion sites
• Corporate web sites
• Intranet applications
• Personal web sites or blogs
• Aficionado sites
• E-commerce applications
• Resource directories
• Social Networking sites
Security issues fixed with this update:
• CVE-2013-0244
• CVE-2013-0245
Solution:
Update packages.
CVEs:
CVE-2013-0244
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified JavaScript functions that are used to select DOM elements.
CVE-2013-0245
The printer-friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.
Additional Info:
N/A
Download:
SRPMS
- drupal-6.28-1.AXS3.src.rpm
MD5: aeac28d370d55d553285d749cf55e223
SHA-256: e6ed9bff16d7e6f7e9f5b4c8d3bbb54630887d4d134942a19f2c2a010c8d97e5
Size: 1.90 MB