TITLE: Debian update for drupal SECUNIA ADVISORY ID: SA18630 VERIFY ADVISORY: http://secunia.com/advisories/18630/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ Debian GNU/Linux 3.1 http://secunia.com/product/5307/ DESCRIPTION: Debian has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. For more information: SA17824 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5.dsc Size/MD5 checksum: 609 55d91c43600aa680ba52b17c717ea8e3 http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5.diff.gz Size/MD5 checksum: 80360 5349b33da1964a91340d7e98db1fc924 http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz Size/MD5 checksum: 471540 bf093c4c8aca7bba62833ea1df35702f Architecture independent components: http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5_all.deb Size/MD5 checksum: 501814 925cd8f84b2ec34f98663d849816066b -- Debian GNU/Linux unstable alias sid -- Fixed in version 4.5.6-1. ORIGINAL ADVISORY: http://www.debian.org/security/2006/dsa-958 OTHER REFERENCES: SA17824: http://secunia.com/advisories/17824/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------