Bug 528200 (CVE-2009-3648)

Summary: CVE-2009-3648 drupal-service_links: xss vulnerability
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gwync
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3648
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-11-19 15:05:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 528201    
Bug Blocks:    

Description Vincent Danen 2009-10-09 18:13:49 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3648 to
the following vulnerability:

Name: CVE-2009-3648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3648
Assigned: 20091009
Reference: MISC: http://www.madirish.net/?article=251
Reference: BID:36584
Reference: URL: http://www.securityfocus.com/bid/36584
Reference: XF:servicelinks-content-type-xss(53633)
Reference: URL: http://xforce.iss.net/xforce/xfdb/53633

Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a
module for Drupal, allows remote authenticated users, with 'administer
content types' permissions, to inject arbitrary web script or HTML via
unspecified vectors when displaying content type names.


Checked drupal-service_links in CVS and this affects Fedora 10, 11, and rawhide.
Comment 2 Fedora Update System 2009-10-09 18:56:24 UTC 
drupal-service_links-6.x.1.0-5.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/drupal-service_links-6.x.1.0-5.fc11
Comment 3 Fedora Update System 2009-10-09 18:56:34 UTC 
drupal-service_links-6.x.1.0-5.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/drupal-service_links-6.x.1.0-5.fc10
Comment 4 Fedora Update System 2009-10-09 18:56:44 UTC 
drupal-service_links-6.x.1.0-5.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/drupal-service_links-6.x.1.0-5.fc12
Comment 5 Fedora Update System 2009-10-14 01:43:29 UTC 
drupal-service_links-6.x.1.0-5.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2009-10-14 01:52:05 UTC 
drupal-service_links-6.x.1.0-5.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.