Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Fedora 22 Critical Advisory: XSS Fix for Drupal Block Class Module

fedora
Calendar Grey April 22, 2016
Dist Fedora Esm H88
The Ubuntu 18.04 patch resolves a significant CSRF vulnerability in WordPress's Theme Editor feature to boost platform protection.
### 7.x-2.3 * The security update 2.2 broke very common class names, see [#2636548: upgrade to 2.2 converts class underscore to dash]() ### 7.x-2.2 * Fixes [Block Class- Critical -...

Summary

Block Class allows users to add classes to any block through the block's

configuration interface. By adding a very short snippet of PHP to a theme's

block.tpl.php file, classes can be added to the parent

element of a block.

This package provides the following Drupal module:

* block_class

Update Information:

### 7.x-2.3 * The security update 2.2 broke very common class names, see [#2636548: upgrade to 2.2 converts class underscore to dash]() ### 7.x-2.2 * Fixes [Block Class- Critical - Cross Site Scripting (XSS) - SA- CONTRIB-2015-175]()

Change Log

References


[ 1 ] Bug #1327669 - CVE-2016-3144 drupal7-block_class: cross site scripting https://bugzilla.redhat.com/show_bug.cgi?id=1327669

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update drupal7-block_class' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: drupal7-block_class
Product: Fedora 22
Version: 2.3
Release: 1.fc22
URL:
Summary: Allows users to add classes via block configuration interface

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.