Debian: DSA-1808-1 Moderate: Drupal6 Cross-Site Scripting Threat
debian
June 2, 2009
Markus Petrux discovered a cross-site scripting vulnerability in the taxonomy module of drupal6, a fully-featured content management framework
Summary
Markus Petrux discovered a cross-site scripting vulnerability in the
taxonomy module of drupal6, a fully-featured content management
framework. It is also possible that certain browsers using the UTF-7
encoding are vulnerable to a different cross-site scripting
vulnerability.
For the stable distribution (lenny), these problems have been fixed in
version 6.6-3lenny2.
The oldstable distribution (etch) does not contain drupal6.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 6.11-1.1.
We recommend that you upgrade your drupal6 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources f...
PREVIOUS
NEXT
Package: drupal6
CVE ID: no CVE id yet
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!