Ispravljen je sigurnosni nedostatak u radu programskog paketa Drupal, odnosno njegovog modula Drupal-views, distribuiranog s operacijskim sustavima Fedora 13 i 14. Riječ je o modulu namijenjenom kontroli prikaza pojedinih sadržaja. Nedostatak se javlja zbog neodgovarajuće obrade određenih ulaznih podataka prije vraćanja korisniku. Udaljeni ga napadač može iskoristiti za izvođenje XSS (eng. Cross Site Scripting) napada. Svi se korisnici potiču na primjenu novih, ispravljenih inačica spomenutog paketa.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-19009
2010-12-17 07:53:07
--------------------------------------------------------------------------------
Name : drupal-views
Product : Fedora 14
Version : 6.x.2.12
Release : 1.fc14
URL : http://drupal.org/project/views
Summary : Provides a method for site designers to control content
presentation
Description :
The views module provides a flexible method for Drupal site designers
to control how lists of content (nodes) are presented. Traditionally,
Drupal has hard-coded most of this, particularly in how taxonomy and
tracker lists are formatted.
This tool is essentially a smart query builder that, given enough
information, can build the proper query, execute it, and display the
results. It has four modes, plus a special mode, and provides an
impressive amount of functionality from these modes.
--------------------------------------------------------------------------------
Update Information:
New upstream version fixing DRUPAL-SA-CONTRIB-2010-111:
http://drupal.org/node/999380
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 16 2010 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 6.x.2.12-1
- New upstream, fixes SA-CONTRIB-2010-111.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal-views' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-18927
2010-12-17 07:50:10
--------------------------------------------------------------------------------
Name : drupal-views
Product : Fedora 13
Version : 6.x.2.12
Release : 1.fc13
URL : http://drupal.org/project/views
Summary : Provides a method for site designers to control content
presentation
Description :
The views module provides a flexible method for Drupal site designers
to control how lists of content (nodes) are presented. Traditionally,
Drupal has hard-coded most of this, particularly in how taxonomy and
tracker lists are formatted.
This tool is essentially a smart query builder that, given enough
information, can build the proper query, execute it, and display the
results. It has four modes, plus a special mode, and provides an
impressive amount of functionality from these modes.
--------------------------------------------------------------------------------
Update Information:
New upstream version fixing DRUPAL-SA-CONTRIB-2010-111:
http://drupal.org/node/999380
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 16 2010 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 6.x.2.12-1
- New upstream, fixes SA-CONTRIB-2010-111.
* Fri Jun 18 2010 Jon Ciesla <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 6.x.2.11-1
- New upstream, fixes SA-CONTRIB-2010-067.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal-views' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke