LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2007-2649 (drupal)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: drupal-5.3-1.fc7


Date:
    	      Wed, 24 Oct 2007 00:15:27 -0700


Message-ID:
    	      <200710240715.l9O7FQja023071@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2649
2007-10-24 07:15:23.618844
--------------------------------------------------------------------------------

Name        : drupal
Product     : Fedora 7
Version     : 5.3
Release     : 1.fc7
URL         : http://www.drupal.org
Summary     : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites.  Drupal is highly
configurable, skinnable, and secure.

--------------------------------------------------------------------------------
Update Information:

- Upgrade to 5.3, fixes:
- HTTP response splitting.
- Arbitrary code execution.
- Cross-site scripting.
- Cross-site request forgery.
- Access bypass.

Remember to log in to your site as the admin user before upgrading this package.  After upgrading
the package, browse to http://host/drupal/update.php to run the upgrade script.
--------------------------------------------------------------------------------
References:

  [ 1 ] CVE-2007-5593
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 2 ] CVE-2007-5594
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 3 ] CVE-2007-5595
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 4 ] CVE-2007-5596
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
  [ 5 ] CVE-2007-5597
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
--------------------------------------------------------------------------------
Updated packages:

41c95f8bb4ba179a7307a6fc62cf37bb95924371 drupal-5.3-1.fc7.noarch.rpm
f5cf193c22cec390c1165dcf75ac6f2c378afce9 drupal-5.3-1.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update drupal' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds