Dette er en liste over sikkerheds annonceringer der er blevet frigivet for den aktuelle og stabile version af Frugalware
| Pakke: | drupal6 |
| Dato: | 2012-02-05 |
| Skrevet af: | Miklos Vajna |
| Sårbar version: | 6.22-1 |
| Ikke-berørt version: | 6.24-1mores1 |
| Bug sporings post: | https://bugs.frugalware.org/ticket/4654 |
| CVEs: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0827 |
| Beskrivelse: | A security issue and a vulnerability have been reported in Drupal, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) The security issue is caused due to the OpenID module not properly verifying the signature of Attribute Exchange (AX) information, which can be exploited to manipulate AX information. 2) An error in the File module when using certain field access modules can be exploited to download private files which would otherwise be restricted. |













