FEDORA-2015-14444

security update in Fedora 22 for drupal6

Status: stable 2 years ago

Maintenance and security release of the Drupal 6 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are included.

No changes have been made to the .htaccess, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

Known issues:

None.

Major changes since 6.36:

  • For security reasons, the autocomplete system now makes Ajax requests to non-clean URLs only, although protection is also in place for custom code that does so using clean URLs. There is a new form API #process function on autocomplete-enabled text fields that is required for the autocomplete functionality to work; custom and contributed modules should ensure that they are not overriding this #process function accidentally when altering text fields on forms. Part of the security fix also includes changes to theme_textfield(); it is recommended that sites which override this theme function make those changes as well (see the theme_textfield section of this diff for details).
  • When form API token validation fails (for example, when a cross-site request forgery attempt is detected, or a user tries to submit a form after having logged out and back in again in the meantime), the form API now skips calling form element value callbacks, except for a select list of callbacks provided by Drupal core that are known to be safe. In rare cases, this could lead to data loss when a user submits a form and receives a token validation error, but the overall effect is expected to be minor.

Comments 4

This update has been submitted for testing by siwinski.

This update has been pushed to testing

This update has been submitted for stable by siwinski.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown.

-1 0 +1 Feedback Guidelines
#1255662 CVE-2015-6658 CVE-2015-6659 CVE-2015-6660 CVE-2015-6661 CVE-2015-6665 drupal: Several issues in 6.x and 7.x (SA-CORE-2015-003)
#1255671 CVE-2015-6658 CVE-2015-6659 CVE-2015-6660 CVE-2015-6661 CVE-2015-6665 drupal6: drupal: Several issues in 6.x and 7.x (SA-CORE-2015-003) [fedora-all]
#1256140 drupal6-6.37 is available
Is the update generally functional?
Content Type
RPM
Status
stable
Submitted by
Update Type
security
Update Severity
high
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 3

00 #1255662 CVE-2015-6658 CVE-2015-6659 CVE-2015-6660 CVE-2015-6661 CVE-2015-6665 drupal: Several issues in 6.x and 7.x (SA-CORE-2015-003)
00 #1255671 CVE-2015-6658 CVE-2015-6659 CVE-2015-6660 CVE-2015-6661 CVE-2015-6665 drupal6: drupal: Several issues in 6.x and 7.x (SA-CORE-2015-003) [fedora-all]
00 #1256140 drupal6-6.37 is available

Automated Test Results