
Debian DSA-2113-1 Critical: Drupal6 Remote Access Breaches

September 21, 2010
The latest Debian Security Notice DSA-2114-1 tackles various vulnerabilities in the Wordpress platform that could lead to unauthorized access and privilege abuse.

Summary

Several vulnerabilities have been discovered in drupal6, a fully-featured
content management framework. The Common Vulnerabilities and Exposures
project identifies the following problems:


CVE-2010-3091

Several issues have been discovered in the OpenID module that allow
malicious access to user accounts.

CVE-2010-3092

The upload module includes a potential bypass of access restrictions due
to not checking letter case-sensitivity.

CVE-2010-3093

The comment module has a privilege escalation issue that allows certain
users to bypass limitations.

CVE-2010-3094

Several cross-site scripting (XSS) issues have been discovered in the
Action feature.


For the stable distribution (lenny), these problems have been fixed in
version 6.6-3lenny6.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 6.18-1.


We recommend that you upgrade your drupal6 packages.


Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
...


Severity: critical

Package: drupal6
CVE IDs: CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094
