| |||||||||||||||||||
Mageia alert MGASA-2013-0027 (drupal)
MGASA-2013-0027 Date: February 6th, 2013 Affected releases: 2 Media: Core Description: Multiple vulnerabilities were fixed in the supported Drupal core version 7 (DRUPAL-SA-CORE-2013-001). A reflected cross-site scripting vulnerability (XSS) was identified in certain Drupal JavaScript functions that pass unexpected user input into jQuery causing it to insert HTML into the page when the intended behavior is to select DOM elements. Multiple core and contributed modules are affected by this issue. A vulnerability was identified that exposes the title or, in some cases, the content of nodes that the user should not have access to. Drupal core provides the ability to have private files, including images. A vulnerability was identified in which derivative images (which Drupal automatically creates from these images based on "image styles" and which may differ, for example, in size or saturation) did not always receive the same protection. Under some circumstances, this would allow users to access image derivatives for images they should not be able to view. The drupal package was updated to latest version 7.19 to fix above vulnerabilities. Updated Packages: i586: drupal-7.19-1.mga2.noarch.rpm drupal-mysql-7.19-1.mga2.noarch.rpm drupal-postgresql-7.19-1.mga2.noarch.rpm drupal-sqlite-7.19-1.mga2.noarch.rpm x86_64: drupal-7.19-1.mga2.noarch.rpm drupal-mysql-7.19-1.mga2.noarch.rpm drupal-postgresql-7.19-1.mga2.noarch.rpm drupal-sqlite-7.19-1.mga2.noarch.rpm SRPMS: drupal-7.19-1.mga2.src.rpm References: https://bugs.mageia.org/show_bug.cgi?id=8733 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-... (Log in to post comments)
|
|||||||||||||||||||