U radu programskog paketa Drupal 6 uočen je novi sigurnosni propust. Udaljeni ga napadač može iskoristiti za pokretanje SQL koda.
| Paket: | drupal 6.x |
| Operacijski sustavi: | Fedora 14, Fedora 15, Fedora 16 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | pokretanje SQL koda |
| Rješenje: | programska zakrpa proizvođača |
| Izvorni ID preporuke: | FEDORA-2011-15352 |
| Izvor: | Fedora |
| Problem: | |
| Sigurnosni propust se javlja zbog pogrešne implementacije komponente "Views". |
|
| Posljedica: | |
| Udaljeni napadač navedenu ranjivost može iskoristiti za pokretanje proizvoljnog SQL koda. |
|
| Rješenje: | |
| Svim se korisnicima navedenog programskog paketa preporučuje korištenje dostupnih nadogradnja i zakrpa. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15352
2011-11-03 21:50:33
--------------------------------------------------------------------------------
Name : drupal6-views
Product : Fedora 16
Version : 2.13
Release : 1.fc16
URL : http://drupal.org/project/views
Summary : Provides a method for site designers to control content
presentation
Description :
The views module provides a flexible method for Drupal site designers
to control how lists of content (nodes) are presented. Traditionally,
Drupal has hard-coded most of this, particularly in how taxonomy and
tracker lists are formatted.
This tool is essentially a smart query builder that, given enough
information, can build the proper query, execute it, and display the
results. It has four modes, plus a special mode, and provides an
impressive amount of functionality from these modes.
--------------------------------------------------------------------------------
Update Information:
Update to 2.13, fixes SA-CONTRIB-2011-052
http://drupal.org/node/1329898
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2011 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.13-1
- Update to 2.13, fixes SA-CONTRIB-2011-052.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6-views' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15385
2011-11-04 19:59:20
--------------------------------------------------------------------------------
Name : drupal6-views
Product : Fedora 15
Version : 2.13
Release : 1.fc15
URL : http://drupal.org/project/views
Summary : Provides a method for site designers to control content
presentation
Description :
The views module provides a flexible method for Drupal site designers
to control how lists of content (nodes) are presented. Traditionally,
Drupal has hard-coded most of this, particularly in how taxonomy and
tracker lists are formatted.
This tool is essentially a smart query builder that, given enough
information, can build the proper query, execute it, and display the
results. It has four modes, plus a special mode, and provides an
impressive amount of functionality from these modes.
--------------------------------------------------------------------------------
Update Information:
Update to 2.13, fixes SA-CONTRIB-2011-052
http://drupal.org/node/1329898
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2011 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.13-1
- Update to 2.13, fixes SA-CONTRIB-2011-052.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6-views' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15399
2011-11-04 20:00:07
--------------------------------------------------------------------------------
Name : drupal-views
Product : Fedora 14
Version : 6.x.2.13
Release : 1.fc14
URL : http://drupal.org/project/views
Summary : Provides a method for site designers to control content
presentation
Description :
The views module provides a flexible method for Drupal site designers
to control how lists of content (nodes) are presented. Traditionally,
Drupal has hard-coded most of this, particularly in how taxonomy and
tracker lists are formatted.
This tool is essentially a smart query builder that, given enough
information, can build the proper query, execute it, and display the
results. It has four modes, plus a special mode, and provides an
impressive amount of functionality from these modes.
--------------------------------------------------------------------------------
Update Information:
Update to 2.13, fixes SA-CONTRIB-2011-052
http://drupal.org/node/1329898
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2011 Orion Poplawski <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 6.x.2.13-1
- Update to 2.13, fixes SA-CONTRIB-2011-052.
* Thu Dec 16 2010 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 6.x.2.12-1
- New upstream, fixes SA-CONTRIB-2010-111.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal-views' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke