LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

drupal: multiple vulnerabilities

Package(s):drupal CVE #(s):CVE-2012-5651 CVE-2012-5653
Created:December 28, 2012 Updated:January 7, 2013
Description:

From the Mageia advisory:

A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users (CVE-2012-5651).

Drupal core's file upload feature blocks the upload of many files that can be executed on the server by munging the filename. A malicious user could name a file in a manner that bypasses this munging of the filename in Drupal's input validation (CVE-2012-5653).

Alerts:
Mageia MGASA-2012-0366 2012-12-26
Fedora FEDORA-2012-20766 2013-01-05
Fedora FEDORA-2012-20794 2013-01-05
Fedora FEDORA-2012-20766 2013-01-05
Fedora FEDORA-2012-20794 2013-01-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds