New versions of Drupal are out for the 4.5.x, the 4.6.x and the 4.7.0-beta branches, which fix 4 (in words: four) security issues from four different categories, namely: access control bypass, cross-site scripting, session fixation, and mail header injection.
All the gory details are available in the release announcement and the four advisories: DRUPAL-SA-2006-001, DRUPAL-SA-2006-002, DRUPAL-SA-2006-003, and DRUPAL-SA-2006-004.
Upgrade now!
Warning: If you're using 4.5.x, the patches for DRUPAL-SA-2006-003 will not fix the security issue immediately. You have two options: a) upgrade to 4.6.6 instead of 4.5.8, or b) upgrade to PHP >= 4.3.2.
Comments
New Version released
The new version of Drupal was released on the 15th January. The security issues appear to have been dealt with. You can download the new version here: http://ftp.osuosl.org/pub/drupal/files/projects/drupal-5.0.tar.gz
Security Advocate
This is good. Drupal knows how to get the people. People look after security and Drupal was good at that. I myself am a security advocate. I am always considering my security over the Internet the same way I am considering home security systems for my own home.
Jim Bouree
http://www.gethomesecurity.info/
Unofficial debs for the 4.6.x series
Do you know if anybody is maintaining unofficial debian packages for the Drupal 4.6.x series?
Drupal 4.6 Debian package
Nope, sorry, I don't know of such packages...