[Frugalware-security] [ FSA-86 ] drupal
noreply at frugalware.org
Thu Jan 11 18:07:38 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Frugalware Security Advisory FSA-86
Vulnerable versions: <= 4.7.3-2siwenna1
Unaffected versions: >= 4.7.5-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1589
CVE: There is no CVE for this issue, see: http://secunia.com/advisories/23586
A weakness has been reported in Drupal, which can be exploited by malicious users to conduct spoofing attacks.
The weakness is caused due to an unspecified error and can be exploited to change the page cache so existing pages return "page not found" errors.
Successful exploitation requires valid user credentials with the ability to post content. It also requires the page cache to be enabled and that MySQL is used.
Check if you have drupal installed:
# pacman -Q drupal
If found, then you should upgrade to the latest version:
# pacman -Sy drupal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
-----END PGP SIGNATURE-----
More information about the Frugalware-security