|
|
Subscribe / Log in / New account

Mageia alert MGASA-2015-0253 (drupal)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2015-0253: Updated drupal package fixes security vulnerability 


Date:
    	      Wed, 1 Jul 2015 14:40:51 +0200


Message-ID:
    	      <20150701124052.083114169E@valstar.mageia.org>


MGASA-2015-0253 - Updated drupal package fixes security vulnerability

Publication date: 01 Jul 2015
URL: http://advisories.mageia.org/MGASA-2015-0253.html
Type: security
Affected Mageia releases: 4, 5
CVE: CVE-2015-3231,
     CVE-2015-3232,
     CVE-2015-3233,
     CVE-2015-3234

Description:
Incorrect cache handling made private content viewed by "user 1" exposed
to   other, non-privileged users (CVE-2015-3231).

A flaw in the Field UI module made it possible for attackers to redirect
users to malicious sites (CVE-2015-3232).

Due to insufficient URL validation, the Overlay module could be used to
redirect users to malicious sites (CVE-2015-3233).

The OpenID module allowed an attacker to log in as other users, including
administrators (CVE-2015-3234).

References:
- https://bugs.mageia.org/show_bug.cgi?id=16147
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3231
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3232
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3233
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3234
- https://www.drupal.org/SA-CORE-2015-002
- https://www.drupal.org/drupal-7.36
- https://www.drupal.org/drupal-7.36-release-notes
- https://www.drupal.org/drupal-7.37
- https://www.drupal.org/drupal-7.37-release-notes
- https://www.drupal.org/drupal-7.38
- https://www.drupal.org/drupal-7.38-release-notes
- https://www.debian.org/security/2015/dsa-3291
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3231
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3232
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3233
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3234

SRPMS:
- 4/core/drupal-7.38-1.mga4
- 5/core/drupal-7.38-1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds