FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)
High Nessus Plugin ID 71239
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionDrupal Security Team reports :
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.
- Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7)
- Multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand() (Form API, OpenID and random password generation - Drupal 6 and 7)
- Code execution prevention (Files directory .htaccess for Apache - Drupal 6 and 7)
- Access bypass (Security token validation - Drupal 6 and 7)
- Cross-site scripting (Image module - Drupal 7)
- Cross-site scripting (Color module - Drupal 7)
- Open redirect (Overlay module - Drupal 7)
SolutionUpdate the affected packages.