drupal-6.4-4AXS3

エラータID: AXSA:2008-540:06

Release date: 
Wednesday, December 31, 2008 - 14:38
Subject: 
drupal-6.4-4AXS3
Affected Channels: 
Asianux Server 3 for ppc
Asianux Server 3 for x86
Asianux Server 3 for ia64
Asianux Server 3 for x86_64
Severity: 
Moderate
Description: 

Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a website.
Bugs fixed:
Cross site request forgery:
The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database.
Cross site scripting:
When an input format is deleted, not all existing content on a site is updated to reflect this deletion. Such content is then displayed unfiltered. This may lead to cross site scripting attacks when harmful tags are no longer stripped from 'malicious' content that was posted earlier.

Solution: 

Update packages

CVEs: 




Additional Info: 

N/A

Download: 

SRPMS
  1. drupal-6.4-4AXS3.src.rpm
    MD5: c7345a2f3576fb07639ecc40bafdfe51
    SHA-256: f773924dfac2ae8775f0638dc6cdc4195b8ee6d4c653e86573aba0768aa0be6d
    Size: 1.87 MB

Asianux Server 3 for x86
  1. drupal-6.4-4AXS3.noarch.rpm
    MD5: 24ff1b3817c76f8b0f828293d918f065
    SHA-256: 10ed38fa3c02fe41eef469cbaffbb121fb7f47a2e913bf2aa6124931b379f47b
    Size: 1.88 MB

Asianux Server 3 for x86_64
  1. drupal-6.4-4AXS3.noarch.rpm
    MD5: f42116af74f4576b3cf154fc2cfea969
    SHA-256: 6327551674efee55688f0c79812f5b9d3ba730a3b2d4fa2eb579e748b55a5125
    Size: 1.88 MB