TITLE: Debian update for drupal SECUNIA ADVISORY ID: SA19257 VERIFY ADVISORY: http://secunia.com/advisories/19257/ CRITICAL: Moderately critical IMPACT: Hijacking, Security Bypass, Cross Site Scripting, Manipulation of data WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ Debian GNU/Linux 3.1 http://secunia.com/product/5307/ DESCRIPTION: Debian has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and manipulate outgoing mails. For more information: SA19245 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.dsc Size/MD5 checksum: 611 71b0ecbc47f9cca214a283ebec5e4600 http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.diff.gz Size/MD5 checksum: 82810 56bf3a054ca7430c85f50af7ae3927db http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz Size/MD5 checksum: 471540 bf093c4c8aca7bba62833ea1df35702f Architecture independent components: http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6_all.deb Size/MD5 checksum: 501428 94c1787a8eb5be13d6909f442e670cea -- Debian GNU/Linux unstable alias sid -- Fixed in version 4.5.8-1. ORIGINAL ADVISORY: http://www.debian.org/security/2006/dsa-1007 OTHER REFERENCES: SA19245: http://secunia.com/advisories/19245/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------