Secunia Security Advisory - Debian has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks.
47721504723aafd407f6fb93d45d5980d9b8de189f6090026b86f68a4fa3cf69
TITLE:
Debian update for drupal
SECUNIA ADVISORY ID:
SA18630
VERIFY ADVISORY:
http://secunia.com/advisories/18630/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Cross Site Scripting
WHERE:
>From remote
OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
DESCRIPTION:
Debian has issued an update for drupal. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, and conduct script insertion and HTTP
response splitting attacks.
For more information:
SA17824
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5.dsc
Size/MD5 checksum: 609 55d91c43600aa680ba52b17c717ea8e3
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5.diff.gz
Size/MD5 checksum: 80360 5349b33da1964a91340d7e98db1fc924
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz
Size/MD5 checksum: 471540 bf093c4c8aca7bba62833ea1df35702f
Architecture independent components:
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5_all.deb
Size/MD5 checksum: 501814 925cd8f84b2ec34f98663d849816066b
-- Debian GNU/Linux unstable alias sid --
Fixed in version 4.5.6-1.
ORIGINAL ADVISORY:
http://www.debian.org/security/2006/dsa-958
OTHER REFERENCES:
SA17824:
http://secunia.com/advisories/17824/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------