DSA-2828-1 drupal6 -- severalID: oval:org.secpod.oval:def:601180 | Date: (C)2014-01-08 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation. In order to avoid the remote code execution vulnerability, it is recommended to create a .htaccess file in each of your sites" "files" directories . Please refer to the NEWS file provided with this update and the upstream advisory at https://drupal.org/SA-CORE-2013-003 for further information.