AXSA:2008-285:02

Release date: Wednesday, October 29, 2008 - 19:25
Subject: drupal-6.4-1AXS3
Affected Channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity: High
Description: 

Drupal is a free CMS (Content Management System) software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a website.
This update addresses the following problems:
CVE-2008-3743
Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.
CVE-2008-3744
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to (1) add or (2) delete user access rules as administrators via an unspecified URL.
CVE-2008-3218
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.
CVE-2008-3220
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of translated strings.
CVE-2008-3221
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.
CVE-2008-3222
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules terminate the current request during a login event

Solution: 

Update packages

Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. drupal-6.4-1AXS3.noarch.rpm
    MD5: 0121909e7e9d2819384306ca20267937
    SHA-256: 81a3b1ab236ada148c1a0d37fc035caf590c70d225a1a347896e3eabb3ce9c4e
    Size: 1.88 MB

Asianux Server 3 for x86_64
  1. drupal-6.4-1AXS3.noarch.rpm
    MD5: 01f073f81b133597b7dca0ce1864fbff
    SHA-256: 455bb43acdc31b2ced3d001c1ea18e43853f6ecdff6122d6f796791e08aedb74
    Size: 1.88 MB
Copyright 2007-2022 Cybertrust Japan Co., Ltd. All rights reserved.