Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3897-1] drupal7 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3897-1] drupal7 security update


Chronologisch Thread 
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3897-1] drupal7 security update
  • Date: Sat, 24 Jun 2017 05:31:02 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1dOdew-0007He-3G AT master.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Sat, 24 Jun 2017 05:31:22 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <4rcidwFmbmO.A.8tB.qkfTZB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3897-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 24, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2015-7943 CVE-2017-6922
Debian Bug : 865498

Two vulnerabilities were discovered in Drupal, a fully-featured content
management framework. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2015-7943

Samuel Mortenson and Pere Orga discovered that the overlay module
does not sufficiently validate URLs prior to displaying their
contents, leading to an open redirect vulnerability.

More information can be found at
https://www.drupal.org/SA-CORE-2015-004

CVE-2017-6922

Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files
uploaded by anonymous users into a private file system can be
accessed by other anonymous users leading to an access bypass
vulnerability.

More information can be found at
https://www.drupal.org/SA-CORE-2017-003

For the oldstable distribution (jessie), these problems have been fixed
in version 7.32-1+deb8u9.

For the stable distribution (stretch), these problems have been fixed in
version 7.52-2+deb9u1. For the stable distribution (stretch),
CVE-2015-7943 was already fixed before the initial release.

We recommend that you upgrade your drupal7 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllN9+FfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RsPw/+OI+sKb7Tug9hTpQSFiBNVkBqUCd3pvBofmVvu+peF/YTIL6iY/b9Gi5o
Q86Jzj9Fnnv8rRVgVDuWWsUMi+hOcu8DzUEiEFB181rsU52xJX+CI5jvgjTRqr3R
JFC8iGEELc09bUccmfBzujYx7XvUkUrodhjxhdphfi2cLIs9l10RYZGQZMpKTG8A
MzC60GUCCWLbn20pvS2FgLPQSbMatS6kfT76xU7v2zpI78UDhuefqD9cFCqMNpA8
7sYyqIp+cLSS4abzfQFPjzbxqrsRlRwyS5WRIbFwxGefBJWDigDEOgwmAvjiHC17
lv6j7dgzdzJaGmsVdGjiKnG8GXMly5Jk7zA+c52LEkm9d5HsYX6mXwF6XLJypQT3
jDBpmBzyuZvBs8fZNNOv2Ym5X81BSDRx4LvFGMrkfrucZ6GEIHtxs4gPN4n/nfy8
+yhWG7tPqhnQQTyEV1aSBK5h0YwEpCkxRNEB4C8MjA69E8AhzEgu8bdiiKnGSjWP
lZzkOs1gFgM+J5CR1RdxNWRvuR3Evf3H7QH5aanYAGBlCwG08NoN0DHgmK1NaScK
kCD7wOWqe1eZxpjpP9KpZrloOBr1rLl5IDEUffDakNfzXnrFyNEnBth7sCvUimfR
ash56i1MHn7n39RflEqZ1cctr/Wf4fnsBcTbVNRTKLSL+GG1hAs=
=qpVD
-----END PGP SIGNATURE-----



  • [IT-SecNots] [SECURITY] [DSA 3897-1] drupal7 security update, Salvatore Bonaccorso, 24.06.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang