CVE-2008-6532

Publication date 26 March 2009

Last updated 24 July 2024

Ubuntu priority

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
drupal5	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 5.10-1ubuntu1.1
	8.04 LTS hardy	Fixed 5.7-1ubuntu1.2
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release
drupal6	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

SA-2008-073

References

MITRE
NVD
Launchpad
Debian

Other references

http://drupal.org/node/345441
https://www.cve.org/CVERecord?id=CVE-2008-6532