In association with heise online

18 March 2010, 15:04

Security updates for Drupal modules

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Drupal Logo The Drupal team has just released a whole heap of security advisories. Drupal's Email Input Filter, Keys and Tag Order modules all contain security vulnerabilities. Updated versions, in which the problems are fixed, are now available. Only Email Input Filter and Tag Order for Drupal 5 and 6 and Keys for Drupal 6 are affected.

The Drupal security team classifies the vulnerability in the Email Input Filter as critical, as it allows code to injected and executed on a server. Administrators who are affected by the problem should update to version 6.x-1.1 as soon as possible. The vulnerabilities in the Tag Order and Keys modules allow cross-site scripting and cross-site request forgeries respectively, meaning that attacks are directed against users rather than the server. Administrators should therefore also fix these vulnerabilities by installing the updates.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit