Three security vulnerabilities have been identified in the Drupal software package for the Fedora 15 and 16 operating systems. A remote attacker can exploit them to carry out a denial-of-service attack, modify data, and bypass configured restrictions.
Package: | drupal 6.x, drupal 7.x |
Operating systems: | Fedora 15, Fedora 16 |
Severity: | 4.6 |
Problem: | CSRF, error in a software component |
Exploitation: | remote |
Impact: | data modification, denial of service (DoS), bypass of configured restrictions |
Solution: | vendor patch |
CVE: | CVE-2012-0826, CVE-2012-0825, CVE-2012-0827 |
Original advisory ID: | FEDORA-2012-1283 |
Source: | Fedora |
Problem:
The vulnerabilities result from flaws in the "OpenID" and "File" modules and from a CSRF (Cross-Site Request Forgery) vulnerability in the "Aggregator" module.
Impact:
They allow attackers to carry out DoS attacks, bypass configured restrictions, and change certain data.
Solution:
Users are encouraged to upgrade their packages.
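One way to confirm that a host has actually received the update, as an added example that is not part of the advisory or of Fedora's notices. The fixed versions (6.24 for drupal6, 7.12 for drupal7) are taken from the Fedora notices quoted on this page; the function names are hypothetical, and GNU `sort -V` is assumed for version ordering.

```shell
#!/bin/sh
# Added example: checks installed drupal6/drupal7 packages against the
# versions shipped by the Fedora updates quoted on this page.
# Function names are hypothetical; requires GNU sort (-V).

# fixed_version PACKAGE -> prints the version shipped by the Fedora update
fixed_version() {
    case "$1" in
        drupal6) echo "6.24" ;;
        drupal7) echo "7.12" ;;
        *) return 1 ;;
    esac
}

# version_ge A B -> succeeds when A >= B in version order.
# A plain string comparison would wrongly rank 7.9 above 7.12.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_pkg PACKAGE INSTALLED_VERSION -> up-to-date | needs-update | unknown
check_pkg() {
    fixed=$(fixed_version "$1") || { echo "unknown"; return 2; }
    if version_ge "$2" "$fixed"; then
        echo "up-to-date"
    else
        echo "needs-update"
        return 1
    fi
}

# audit_host -> queries rpm for both packages and reports their status
audit_host() {
    for pkg in drupal6 drupal7; do
        if ver=$(rpm -q --qf '%{VERSION}' "$pkg" 2>/dev/null); then
            printf '%s %s: %s\n' "$pkg" "$ver" "$(check_pkg "$pkg" "$ver")"
        else
            printf '%s: not installed\n' "$pkg"
        fi
    done
    return 0
}

audit_host
```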
Original advisory text
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1283
2012-02-04 04:45:32
--------------------------------------------------------------------------------
Name : drupal6
Product : Fedora 15
Version : 6.24
Release : 1.fc15
URL : http://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
This package includes security updates from upstream 6.23 as well as additional
bug fixes. Refer to upstream notes for more information:
* http://drupal.org/node/1425082
* http://drupal.org/node/1425094
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 2 2012 Jon Ciesla - 6.24-1
- New upstream, 786769.
* Fri Jan 13 2012 Fedora Release Engineering - 6.22-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Jun 30 2011 Jon Ciesla - 6.22-3
- Drop unneeded dirs in /etc/drupal6, BZ 706735.
* Fri Jun 17 2011 Jon Ciesla - 6.22-2
- Bump and rebuild for BZ 712251.
* Thu May 26 2011 Jon Ciesla - 6.22-1
- Update to 6.22, SA-CORE-2011-001.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1250
2012-02-04 04:39:24
--------------------------------------------------------------------------------
Name : drupal7
Product : Fedora 15
Version : 7.12
Release : 1.fc15
URL : http://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
This package includes security updates from upstream 7.11 as well as additional
bug fixes. Refer to upstream notes for more information:
* http://drupal.org/node/1425092
* http://drupal.org/node/1425104
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 2 2012 Jon Ciesla - 7.12-1
- New upstream.
* Fri Jan 13 2012 Fedora Release Engineering - 7.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 6 2011 Jon Ciesla - 7.10-1
- New upstream, BZ 760504.
* Thu Oct 27 2011 Paul W. Frields - 7.9-1
- New upstream, BZ 749509.
* Sat Sep 3 2011 Paul W. Frields - 7.8-1
- New upstream, minor bugfixes and API improvements only.
* Sun Aug 7 2011 Paul W. Frields - 7.7-1
- New upstream, fixed version string only.
* Wed Jul 27 2011 Jon Ciesla - 7.6-1
- New upstream, SA-CORE-2011-003, BZ 726243.
* Thu Jun 30 2011 Jon Ciesla - 7.4-1
- New upstream, SA-CORE-2011-002, BZ 717874.
- Dropped unused dirs in /etc/drupal7/, BZ 703736.
* Fri Jun 17 2011 Jon Ciesla - 7.2-2
- Bump and rebuild for BZ 712251.
* Thu May 26 2011 Jon Ciesla - 7.2-1
- New upstream, SA-CORE-2011-001.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal7' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1306
2012-02-04 04:47:07
--------------------------------------------------------------------------------
Name : drupal6
Product : Fedora 16
Version : 6.24
Release : 1.fc16
URL : http://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
This package includes security updates from upstream 6.23 as well as additional
bug fixes. Refer to upstream notes for more information:
* http://drupal.org/node/1425082
* http://drupal.org/node/1425094
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 2 2012 Jon Ciesla - 6.24-1
- New upstream, 786769.
* Fri Jan 13 2012 Fedora Release Engineering - 6.22-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1268
2012-02-04 04:42:40
--------------------------------------------------------------------------------
Name : drupal7
Product : Fedora 16
Version : 7.12
Release : 1.fc16
URL : http://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
This package includes security updates from upstream 7.11 as well as additional
bug fixes. Refer to upstream notes for more information:
* http://drupal.org/node/1425092
* http://drupal.org/node/1425104
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 2 2012 Jon Ciesla - 7.12-1
- New upstream.
* Fri Jan 13 2012 Fedora Release Engineering - 7.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 6 2011 Jon Ciesla - 7.10-1
- New upstream, BZ 760504.
* Thu Oct 27 2011 Paul W. Frields - 7.9-1
- New upstream, BZ 749509.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal7' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------