| |||||||||||||||||||
Mageia alert MGASA-2012-0366 (drupal)
MGASA-2012-0366 Date: December 26th, 2012 Affected releases: 2 Description: Updated drupal packages fix security vulnerabilities: A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users (CVE-2012-5651). Drupal core's file upload feature blocks the upload of many files that can be executed on the server by munging the filename. A malicious user could name a file in a manner that bypasses this munging of the filename in Drupal's input validation (CVE-2012-5653). The drupal package has been updated to latest version 7.18 to fix above vulnerabilities. Updated Packages: drupal-7.18-1.mga2 drupal-mysql-7.18-1.mga2 drupal-postgresql-7.18-1.mga2 drupal-sqlite-7.18-1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5653 http://drupal.org/SA-CORE-2012-004 https://bugs.mageia.org/show_bug.cgi?id=8442 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||