Ubuntu alert USN-6981-1 (drupal7)
| From: | Octavio Galland <octavio.galland@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6981-1] Drupal vulnerabilities | |
| Date: | Tue, 27 Aug 2024 14:15:01 -0300 | |
| Message-ID: | <895ed9dc-f486-40b2-a1c7-27905bc7b68e@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6981-1 August 27, 2024 drupal7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Drupal could be made to crash or run programs if it received specially crafted network traffic. Software Description: - drupal7: fully-featured content management framework Details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-13671) It was discovered that Drupal incorrectly sanitized archived filenames. A remote attacker could possibly use this issue to overwrite arbitrary files, or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS drupal7 7.44-1ubuntu1~16.04.0+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6981-1 CVE-2020-13671, CVE-2020-28948, CVE-2020-28949
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEER/Iq56J1QpFyK/CQ9uFA9ts1nlgFAmbOCZUFAwAAAAAACgkQ9uFA9ts1nljQ Wg//aBa2S3AEt+78u8EnFUmFgn78X/WoLgjTNedvzzIWir9wEwNh3bUCN2TLHNNmS37/5+30tgn2 G/x19j1AAIjfiiAwXAJWITOHwH+7rvCMp4WRnkJLGEtQqsXjN/iBPnvjLmRgE2Jo7GeNNCHow2aS tEQKMrQnHDsISFBOdN+Z1cmb9Stw/8um5XHs4f7S9ltPmDZ8jYCSmD1m9tA28jt9z189be1+m9Kg CM3I2KNHXBLRU3WRz+QLzqTKOoIOOWx6BdG2blRKyN3PwOgeZ5Uw262AVHfxZBJ9rpV+C2zM9598 7cRg6bevkTSP4mtWyEMxdWyCxYuh78w7PquOD+GILS+aYs5Ur1t6cc92hSEFmbdUv7rrVG9w4Ei2 6TQCaCnvVN/xzICp3RP/sN4t5hEMOOHW2e7w8/zYvMY7M6v/W+BUUYY39/0b7b8+c0v4yPhwdNEO j+S1NjpMSoM1gVQeIQy1VhaM/slBox/3T8Hv4KusnenHOdRP9rJVl0SJuphYhoLA+FsWG81BHnHa j4ltOR+zQN8abXID7sC3Pgl2PlGoL5iwifDlrtyq7HhpyTFnxm9yo8fcqB7YOG+jLuTqwI7Sqy9r RiCaMFskn5UikfwzjpXZZWI1ABvccd9GKWEkiBAOCwysZzb6vw5j+/zl9rJ0FLIWj0MF0zShzKGr bGo= =hg+A -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)