[Frugalware-security] [ FSA-86 ] drupal
voroskoi
noreply at frugalware.org
Thu Jan 11 18:07:38 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-86
Date: 2007-01-11
Package: drupal
Vulnerable versions: <= 4.7.3-2siwenna1
Unaffected versions: >= 4.7.5-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1589
CVE: There is no CVE for this issue, see: http://secunia.com/advisories/23586
Description
===========
A weakness has been reported in Drupal, which can be exploited by malicious users to conduct spoofing attacks.
The weakness is caused due to an unspecified error and can be exploited to change the page cache so existing pages return "page not found" errors.
Successful exploitation requires valid user credentials with the ability to post content. It also requires the page cache to be enabled and that MySQL is used.
Updated Packages
================
Check if you have drupal installed:
# pacman -Q drupal
If found, then you should upgrade to the latest version:
# pacman -Sy drupal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iD8DBQFFpm7aZ7NElSD1VhkRAicWAKCPRHchWBHfikb9hG6JP3Zi4o9aXQCgoyk8
1MAywwJMihJF3Ygk3A4Jte8=
=8DbF
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list