Update Your Drupal Installs To 4.5.7, 4.6.6, or 4.7.0-beta6

For those of you using who haven't seen the new or the notice of , wake up and smell the upgrades. None of the fixed issues look like threats that uneducated script kiddies would come up with on their own - but they can copy and paste with the best of them, and the vulnerabilities are now public. Do the math.

The upgrades fix the vulnerabilities below.

The Mail header injection vulnerability can have your site spamming people. That's a pretty big deal, almost as bad as people who still use Microsoft Outlook and Internet Explorer.

The Session fixation vulnerability could allow hijacking of your password. Naughty Naughty.

The XSS Vulnerabilities fix decreases the possibility of cross-site scripting (XSS).

Last, and maybe least, is the Security bypass in menu.module.

Go .

I just upgraded about half a dozen sites from 4.6.5; there were no problems with the upgrades that weren't related to customization on my side.
