A security vulnerability that allows malicious users to carry out XSS attacks has been identified and fixed in the drupal6-date and drupal7-ctools packages for the Fedora 17 operating system.
Package:
drupal6-date 2.x, drupal7-ctools 2.x
Operating systems:
Fedora 17
Problem:
XSS
Exploitation:
remote
Impact:
injection of HTML and script code
Solution:
vendor patch
CVE:
CVE-2012-2082
Original advisory ID:
FEDORA-2012-4475
Source:
Fedora
Problem:
The vulnerability is caused by inadequate filtering of user signatures when comments are displayed.
Impact:
Attackers can exploit it to carry out XSS (Cross-Site Scripting) attacks.
Solution:
Users are advised to use the fixed versions.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4475
2012-03-23 00:30:10
--------------------------------------------------------------------------------
Name : drupal6-date
Product : Fedora 17
Version : 2.8
Release : 1.fc17
URL : http://drupal.org/project/date
Summary : This package contains both the Date module and a Date API module
Description :
The Date API is available to be used by other modules and is not dependent
on having CCK installed. The date module is a flexible date/time field
type for the cck content module which requires the CCK content.module and
the Date API module.
--------------------------------------------------------------------------------
Update Information:
New upstream, security fixes.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal6-date' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4881
2012-03-30 02:52:23
--------------------------------------------------------------------------------
Name : drupal7-ctools
Product : Fedora 17
Version : 1.0
Release : 1.fc17
URL : http://drupal.org/project/ctools
Summary : This suite is primarily a set of APIs and tools for other Drupal
modules
Description :
This suite is primarily a set of APIs and tools
to improve the developer experience.
It also contains a module called the Page Manager whose job is to manage pages.
In particular it manages panel pages,
but as it grows it will be able to manage far more than just Panels.
For the moment, it includes the following tools:
Plug-ins -- tools to make it easy for modules
to let other modules implement plug-ins from .inc files.
Ex-portables -- tools to make it easier for modules to have objects
that live in database or live in code, such as 'default views'.
AJAX responder -- tools to make it easier for the server to handle AJAX requests
and tell the client what to do with them.
Form tools -- tools to make it easier for forms to deal with AJAX.
Object caching -- tool to make it easier to edit an object
across multiple page requests and cache the editing work.
Contexts -- the notion of wrapping objects in a unified wrapper
and providing an API to create and accept these contexts as input.
Modal dialog -- tool to make it simple to put a form in a modal dialog.
Dependent -- a simple form widget to make form items appear
and disappear based upon the selections in another item.
Content -- plug-gable content types used as panes in Panels
and other modules like Dashboard.
Form wizard -- an API to make multiple-step forms much easier.
CSS tools -- tools to cache and sanitize CSS easily to make user-input CSS safe.
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.0, including fix for SA-CONTRIB-2012-054
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #808002 - Drupal's ctools 7.x-1.0 module has been released
https://bugzilla.redhat.com/show_bug.cgi?id=808002
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal7-ctools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------