A security vulnerability has been found in the drupal6-views_bulk_operations package that a remote attacker can exploit for an XSS (Cross-Site Scripting) attack, that is, to execute arbitrary HTML and script code.
Package:
Operating systems:
Fedora 14, Fedora 15, Fedora 16
Severity:
3.5
Problem:
error in a software component
Exploitation:
remote
Impact:
HTML and script code injection
Solution:
vendor patch
CVE:
CVE-2011-3373
Original advisory ID:
FEDORA-2011-13180
Source:
Fedora
Problem:
The vulnerability is caused by improper escaping of the "vocabulary help" text.
Impact:
A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code.
Solution:
The solution is to apply the available software updates.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13180
2011-09-25 02:55:09
--------------------------------------------------------------------------------
Name : drupal6-views_bulk_operations
Product : Fedora 15
Version : 1.11
Release : 1.fc15
URL : http://drupal.org/project/views_bulk_operations
Summary : This module augments Views by allowing bulk operations to be
executed
Description :
This module augments Views by allowing bulk operations to be executed
on the nodes displayed by a view.
It does so by showing a check box in front of each node,
and adding a select box containing operations
that can be applied on the selected nodes.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release. This release contains
some minor bugfixes and a fix for a possible XSS attack.
See http://drupal.org/node/1286844 for details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 22 2011 Sven Lankes - 1.11-1
- update to latest upstream release
- fixes DRUPAL-SA-CONTRIB-2011-042
- translations have been removed upstream
* Sun Feb 27 2011 Sven Lankes - 1.10-7
- Fix maintainer error - I worked on the wrong branch
* Sun Feb 27 2011 Sven Lankes - 1.10-6.2
- Also adjust drupaldir
* Sun Feb 27 2011 Sven Lankes - 1.10-6.1
- Fix requires for F14 where drupal6 is still called drupal
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #740553 - CVE-2011-3373 drupal6-views_bulk_operations: XSS due
improper escaping of a vocabulary help (SA-CONTRIB-2011-042)
https://bugzilla.redhat.com/show_bug.cgi?id=740553
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6-views_bulk_operations' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13235
2011-09-25 02:57:21
--------------------------------------------------------------------------------
Name : drupal6-views_bulk_operations
Product : Fedora 14
Version : 1.11
Release : 1.fc14
URL : http://drupal.org/project/views_bulk_operations
Summary : This module augments Views by allowing bulk operations to be
executed
Description :
This module augments Views by allowing bulk operations to be executed
on the nodes displayed by a view.
It does so by showing a check box in front of each node,
and adding a select box containing operations
that can be applied on the selected nodes.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release. This release contains
some minor bugfixes and a fix for a possible XSS attack.
See http://drupal.org/node/1286844 for details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #740553 - CVE-2011-3373 drupal6-views_bulk_operations: XSS due
improper escaping of a vocabulary help (SA-CONTRIB-2011-042)
https://bugzilla.redhat.com/show_bug.cgi?id=740553
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6-views_bulk_operations' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13166
2011-09-24 20:39:58
--------------------------------------------------------------------------------
Name : drupal6-views_bulk_operations
Product : Fedora 16
Version : 1.11
Release : 1.fc16
URL : http://drupal.org/project/views_bulk_operations
Summary : This module augments Views by allowing bulk operations to be
executed
Description :
This module augments Views by allowing bulk operations to be executed
on the nodes displayed by a view.
It does so by showing a check box in front of each node,
and adding a select box containing operations
that can be applied on the selected nodes.
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release. This release contains
some minor bugfixes and a fix for a possible XSS attack.
See http://drupal.org/node/1286844 for details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #740553 - CVE-2011-3373 drupal6-views_bulk_operations: XSS due
improper escaping of a vocabulary help (SA-CONTRIB-2011-042)
https://bugzilla.redhat.com/show_bug.cgi?id=740553
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6-views_bulk_operations' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce