Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 11: DRUPAL-SA-CONTRIB-2009-057 Moderate: Cross Site Scripting

fedora
Calendar Grey September 18, 2009
Dist Fedora Esm H88
Recent Fedora patch for Drupal Date module resolves severe cross-site scripting vulnerability. Update now for stronger protection.
* Advisory ID: DRUPAL-SA-CONTRIB-2009-057 ( https://www.drupal.org/node/579144 ) * Project: Date (third-party module) * Version: 5.x, 6.x * Date: 2009-September-16 * Se...

Summary

The Date API is available to be used by other modules and is not dependent

on having CCK installed. The date module is a flexible date/time field

type for the cck content module which requires the CCK content.module and

the Date API module.

Update Information:

* Advisory ID: DRUPAL-SA-CONTRIB-2009-057 ( https:// ) * Project: Date (third-party module) * Version: 5.x, 6.x * Date: 2009-September-16 * Security risk: Moderately critical * Exploitable from: Remote * Vulnerability: Cross Site Scripting -------- DESCRIPTION provides a date CCK field that can be added to any content type. The Date module does not properly escape user data correctly in some cases when setting the page title. A malicious user with permission to post date content could attempt a cross site scripting [1] (XSS) attack when creating or editing content, leading to the user gaining full administrative access. -------- for Drupal 6.x prior to 6.x-2.4 * Date for Drupal 6.x prior to 5.x-2.8 Drupal core is not affected. If you do not use the contributed Date module, there is nothing you need to do. -------- SOLUTION latest version: * If you use Date for Drupal 6.x upgrade to Date 6.x-2.4 [2] * If you use Date for Drupal 5.x upgrade to Date 5.x-2.8...

Topics%20covered

Topics Covered

security advisory remote exploit Fedora cross site scripting moderate risk Drupal update Drupal module

Change Log

* Wed Sep 16 2009 Jon Ciesla - 6.x.2.4-0 - Update to new version. - Fix for DRUPAL-SA-CONTRIB-2009-057. * Wed Jul 29 2009 Jon Ciesla - 6.x.2.3-0 - Update to new version. - Fix for DRUPAL-SA-CONTRIB-2009-046. * Fri Jul 24 2009 Fedora Release Engineering - 6.x.2.0-2.rc4.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

References

Fedora Update Notification FEDORA-2009-9736 2009-09-18 23:22:13
Name : drupal-date Product : Fedora 11 Version : 6.x.2.4 Release : 0.fc11 URL : https:// Summary : This package contains both the Date module and a Date API module Description : The Date API is available to be used by other modules and is not dependent on having CCK installed. The date module is a flexible date/time field type for the cck content module which requires the CCK content.module and the Date API module.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update drupal-date' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: drupal-date
Product: Fedora 11
Version: 6.x.2.4
Release: 0.fc11
URL: https://
Summary: This package contains both the Date module and a Date API module

Topics%20covered

Topics Covered

security advisory remote exploit Fedora cross site scripting moderate risk Drupal update Drupal module

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here