Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html
http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement
Created zikula tracking bugs for this issue
Affects: fedora-all [bug 589292]
zikula-1.2.3-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/zikula-1.2.3-1.fc12
zikula-1.2.3-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/zikula-1.2.3-1.fc11
zikula-1.2.3-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/zikula-1.2.3-1.fc13
zikula-1.2.3-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/zikula-1.2.3-1.el5
zikula-1.2.3-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
zikula-1.2.3-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.