### 6.x-2.7 Fixes [Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004]()

#### Changes since 6.x-2.6:

* by dalin: Ensure that width and height are always numbers.
* \#1868588 by tangent: URL detection regex does not match hyphens / breaks HTML markup.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-f0bb0dad51
2016-03-27 00:00:51.401145
--------------------------------------------------------------------------------

Name        : drupal6-emfield
Product     : Fedora 24
Version     : 2.7
Release     : 1.fc24
URL         :
Summary     : An engine for modules to integrate various 3rd party media content providers
Description :

This extensible module will create fields for content types that can be used to display video, image, and audio files from various third party providers. When entering the content, the user will simply paste the URL or embed code from the third party, and the module will automatically determine which content provider is being used. When displaying the content, the proper embedding format will be used.

The module is only an engine, and requires a supported module to function. These include 'Embedded Image Field', 'Embedded Video Field' and 'Embedded Audio Field'. These modules are included in the contrib folder of the module, so they can be easily activated from the module administration page.

Please note: As of emfield 2.x, provider files for these modules are no longer included with the main emfield module, and must be downloaded separately.

This package provides the following Drupal modules:

* emaudio
* embonus
* emfield
* emimage
* eminline
* emthumb
* emvideo
* emwave

--------------------------------------------------------------------------------
Update Information:

### 6.x-2.7 Fixes [Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004]()

#### Changes since 6.x-2.6:

* by dalin: Ensure that width and height are always numbers.
* \#1868588 by tangent: URL detection regex does not match hyphens / breaks HTML markup

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1306475 - drupal6-emfield-2.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1306475

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update drupal6-emfield' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

### 6.x-2.7 Fixes [Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004]()

#### Changes since 6.x-2.6:

* by dalin: Ensure that width and height are always numbers.
* \#1868588 by tangent: URL detection regex does not match hyphens / breaks HTML markup.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-592f23fb74
2016-03-19 22:17:41.316479
--------------------------------------------------------------------------------

Name        : drupal6-emfield
Product     : Fedora 23
Version     : 2.7
Release     : 1.fc23
URL         :
Summary     : An engine for modules to integrate various 3rd party media content providers
Description :

This extensible module will create fields for content types that can be used to display video, image, and audio files from various third party providers. When entering the content, the user will simply paste the URL or embed code from the third party, and the module will automatically determine which content provider is being used. When displaying the content, the proper embedding format will be used.

The module is only an engine, and requires a supported module to function. These include 'Embedded Image Field', 'Embedded Video Field' and 'Embedded Audio Field'. These modules are included in the contrib folder of the module, so they can be easily activated from the module administration page.

Please note: As of emfield 2.x, provider files for these modules are no longer included with the main emfield module, and must be downloaded separately.

This package provides the following Drupal modules:

* emaudio
* embonus
* emfield
* emimage
* eminline
* emthumb
* emvideo
* emwave

--------------------------------------------------------------------------------
Update Information:

### 6.x-2.7 Fixes [Embedded Media Field - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2016-004]()

#### Changes since 6.x-2.6:

* by dalin: Ensure that width and height are always numbers.
* \#1868588 by tangent: URL detection regex does not match hyphens / breaks HTML markup

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1306475 - drupal6-emfield-2.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1306475

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update drupal6-emfield' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

**See [Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141.]()**

**This is an incremental security and bugfix release for ctools.**

Looking to fix future D6 CTools issues? Find japerry or merlinofchaos in #drupal-scotch, #drupal-contribute, or #drupal-panels -- and become a maintainer for D6 CTools.

Changes.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-14329
2015-09-06 17:04:34.358810
--------------------------------------------------------------------------------

Name        : drupal6-ctools
Product     : Fedora 23
Version     : 1.14
Release     : 1.fc23
URL         :
Summary     : Primarily a set of APIs and tools to improve the developer experience
Description :

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels.

For the moment, it includes the following tools:

* Plugins -- tools to make it easy for modules to let other modules implement plugins from .inc files.
* Exportables -- tools to make it easier for modules to have objects that live in database or live in code, such as 'default views'.
* AJAX responder -- tools to make it easier for the server to handle AJAX requests and tell the client what to do with them.
* Form tools -- tools to make it easier for forms to deal with AJAX.
* Object caching -- tool to make it easier to edit an object across multiple page requests and cache the editing work.
* Contexts -- the notion of wrapping objects in a unified wrapper and providing an API to create and accept these contexts as input.
* Modal dialog -- tool to make it simple to put a form in a modal dialog.
* Dependent -- a simple form widget to make form items appear and disappear based upon the selections in another item.
* Content -- pluggable content types used as panes in Panels and other modules like Dashboard.
* Form wizard -- an API to make multi-step forms much easier.
* CSS tools -- tools to cache and sanitize CSS easily to make user-input CSS safe.

This package provides the following Drupal modules:

* bulk_export
* ctools
* ctools_access_ruleset
* ctools_ajax_sample
* ctools_custom_content
* ctools_plugin_example
* page_manager
* stylizer
* views_content

--------------------------------------------------------------------------------
Update Information:

**See [Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141.]()**

**This is an incremental security and bugfix release for ctools.**

Looking to fix future D6 CTools issues? Find japerry or merlinofchaos in #drupal-scotch, #drupal-contribute, or #drupal-panels -- and become a maintainer for D6 CTools.

Changes since 6.x-1.13:

* Harden AJAX link handling
* Content type plugins do not properly inherit "edit" permission
* Various lint fixes
* Fix typo
* Issue \#2512850 by DamienMcKenna, mw4ll4c3: PHP 5.4+ compatibility
* Issue \#2010124 by davidwhthomas: ctools_access_get_loggedin_context doesn't fully load current user in context

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1256131 - drupal6-ctools-1.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1256131

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update drupal6-ctools' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

Maintenance and security release of the Drupal 6 series. This release fixes **security vulnerabilities**. Sites are [urged to upgrade immediately]() after reading the notes below and the security announcement: [Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003]() No.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-14442
2015-09-06 02:02:39.293012
--------------------------------------------------------------------------------

Name        : drupal6
Product     : Fedora 21
Version     : 6.37
Release     : 1.fc21
URL         :
Summary     : An open-source content-management platform
Description :

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.

--------------------------------------------------------------------------------
Update Information:

Maintenance and security release of the Drupal 6 series. This release fixes **security vulnerabilities**. Sites are [urged to upgrade immediately]() after reading the notes below and the security announcement: [Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003]()

No other fixes are included. No changes have been made to the .htaccess, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

#### Known issues:

None.

#### Major changes since 6.36:

* For security reasons, the autocomplete system now makes Ajax requests to non-clean URLs only, although protection is also in place for custom code that does so using clean URLs. There is a new form API #process function on autocomplete-enabled text fields that is required for the autocomplete functionality to work; custom and contributed modules should ensure that they are not overriding this #process function accidentally when altering textfields on forms. Part of the security fix also includes changes to theme_textfield(); it is recommended that sites which override this theme function make those changes as well (see the theme_textfield section of this diff for details).
* When form API token validation fails (for example, when a cross-site request forgery attempt is detected, or a user tries to submit a form after having logged out and back in again in the meantime), the form API now skips calling form element value callbacks, except for a select list of callbacks provided by Drupal core that are known to be safe. In rare cases, this could lead to data loss when a user submits a form and receives a token validation error, but the overall effect is expected to be minor.

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1255662 - CVE-2015-6658 CVE-2015-6659 CVE-2015-6660 CVE-2015-6661 CVE-2015-6665 drupal: Several issues in 6.x and 7.x (SA-CORE-2015-003)
https://bugzilla.redhat.com/show_bug.cgi?id=1255662

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update drupal6' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

## 6.x-1.17 Fixes #2516976: Fix security issue and make release to bring back D6 releases.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13758
2015-09-06 02:02:43.949623
--------------------------------------------------------------------------------

Name        : drupal6-views_bulk_operations
Product     : Fedora 22
Version     : 1.17
Release     : 1.fc22
URL         : https://www.drupal.org/project/views_bulk_operations
Summary     : Augments Views by allowing bulk operations to be executed
Description :

This module augments Views by allowing bulk operations to be executed on the displayed rows. It does so by showing a checkbox in front of each node, and adding a select box containing operations that can be applied. Drupal Core or Rules actions can be used.

This package provides the following Drupal modules:

* views_bulk_operations
* actions_permissions

--------------------------------------------------------------------------------
Update Information:

## 6.x-1.17 Fixes #2516976: Fix security issue and make release to bring back D6 releases.

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1250276 - drupal6-views_bulk_operations-1.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1250276

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update drupal6-views_bulk_operations' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be .

-------------------------------------------------------------------------
Debian Security Advisory DSA-2914-1

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2851-1

Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2776-1