A new version of the drupal7-ctools package has been released, fixing security flaws that attackers can exploit to inject HTML and script code and to carry out XSS attacks.
Package:
Operating systems: Fedora 15, Fedora 16
Problem: XSS
Exploitation: remote
Consequence: injection of HTML and script code
Solution: vendor patch
Original advisory ID: FEDORA-2012-5078
Source: Fedora
Problem:
An XSS (cross-site scripting) vulnerability was found in the package.

Consequence:
A remote attacker can exploit the flaw to inject HTML and script code and to carry out an XSS attack.

Solution:
Installing the new version of the package is advised.
Original advisory text
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5078
2012-03-31 02:16:54
--------------------------------------------------------------------------------
Name : drupal7-ctools
Product : Fedora 16
Version : 1.0
Release : 1.fc16
URL : http://drupal.org/project/ctools
Summary : This suite is primarily a set of APIs and tools for other Drupal
modules
Description :
This suite is primarily a set of APIs and tools
to improve the developer experience.
It also contains a module called the Page Manager whose job is to manage pages.
In particular it manages panel pages,
but as it grows it will be able to manage far more than just Panels.
For the moment, it includes the following tools:
Plug-ins -- tools to make it easy for modules
to let other modules implement plug-ins from .inc files.
Ex-portables -- tools to make it easier for modules to have objects
that live in database or live in code, such as 'default views'.
AJAX responder -- tools to make it easier for the server to handle AJAX requests
and tell the client what to do with them.
Form tools -- tools to make it easier for forms to deal with AJAX.
Object caching -- tool to make it easier to edit an object
across multiple page requests and cache the editing work.
Contexts -- the notion of wrapping objects in a unified wrapper
and providing an API to create and accept these contexts as input.
Modal dialog -- tool to make it simple to put a form in a modal dialog.
Dependent -- a simple form widget to make form items appear
and disappear based upon the selections in another item.
Content -- plug-gable content types used as panes in Panels
and other modules like Dashboard.
Form wizard -- an API to make multiple-step forms much easier.
CSS tools -- tools to cache and sanitize CSS easily to make user-input CSS safe.
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.0, including fix for SA-CONTRIB-2012-054
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 29 2012 Jared Smith - 1.0-1
- Update to upstream 1.0 release
* Wed Mar 28 2012 Jared Smith - 1.0-0.2.rc2
- Update to upstream rc2 release
* Fri Jan 13 2012 Fedora Release Engineering - 1.0-0.2.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #808002 - Drupal's ctools 7.x-1.0 module has been released
https://bugzilla.redhat.com/show_bug.cgi?id=808002
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal7-ctools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5094
2012-03-31 02:17:41
--------------------------------------------------------------------------------
Name : drupal7-ctools
Product : Fedora 15
Version : 1.0
Release : 1.fc15
URL : http://drupal.org/project/ctools
Summary : This suite is primarily a set of APIs and tools for other Drupal
modules
Description :
This suite is primarily a set of APIs and tools
to improve the developer experience.
It also contains a module called the Page Manager whose job is to manage pages.
In particular it manages panel pages,
but as it grows it will be able to manage far more than just Panels.
For the moment, it includes the following tools:
Plug-ins -- tools to make it easy for modules
to let other modules implement plug-ins from .inc files.
Ex-portables -- tools to make it easier for modules to have objects
that live in database or live in code, such as 'default views'.
AJAX responder -- tools to make it easier for the server to handle AJAX requests
and tell the client what to do with them.
Form tools -- tools to make it easier for forms to deal with AJAX.
Object caching -- tool to make it easier to edit an object
across multiple page requests and cache the editing work.
Contexts -- the notion of wrapping objects in a unified wrapper
and providing an API to create and accept these contexts as input.
Modal dialog -- tool to make it simple to put a form in a modal dialog.
Dependent -- a simple form widget to make form items appear
and disappear based upon the selections in another item.
Content -- plug-gable content types used as panes in Panels
and other modules like Dashboard.
Form wizard -- an API to make multiple-step forms much easier.
CSS tools -- tools to cache and sanitize CSS easily to make user-input CSS safe.
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.0, including fix for SA-CONTRIB-2012-054
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #808002 - Drupal's ctools 7.x-1.0 module has been released
https://bugzilla.redhat.com/show_bug.cgi?id=808002
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal7-ctools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce