Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.0701 drupal7 security update 23 March 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: drupal7 Publisher: Debian Operating System: Debian GNU/Linux 7 Impact/Access: Provide Misleading Information -- Remote with User Interaction Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-2559 Reference: ESB-2015.0669 Original Bulletin: http://www.debian.org/security/2015/dsa-3200 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3200-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 20, 2015 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : drupal7 CVE ID : CVE-2015-2559 Multiple vulnerabilities have been found the Drupal content management framework. More information can be found at https://www.drupal.org/SA-CORE-2015-001 For the stable distribution (wheezy), this problem has been fixed in version 7.14-2+deb7u9. For the unstable distribution (sid), this problem has been fixed in version 7.32-1+deb8u2. We recommend that you upgrade your drupal7 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVDKBOAAoJEBDCk7bDfE42IIsP/1qHHs+ACAIGQvhmNsjLO1gH TqWx3o+e9VXWH6qrEQHA4BqbYf2YHkCe6/3M5G3Xv9N3g8+peqWZrEXGQl0kBBwq iLIK0V9+orEh8J6y6lKDhSxzx6nQk8f+eIkOi7KcBSG46ZP1FmZVyKzsAFd3Y9QQ 6g3AxS1penrJ+NuzmPTqiaMv3mVEMTjHEHDlIlGYHA4VVWsexuu426750Igs+aK/ slHdWTc7IABaWnbrb/UuGjBRocfgTqNTF2BYzRWP2WHUxz2uh2EAwwwJWVVsgC5v 74dYobs8ddVGimgYiqkw0DCoZQHrfevLwbTZ5zLUu4WMMrYBzrJ1ZZkT9hIfyenU PD15d/X6IoO9W+OjSQI5L2+6biqWQmoWr4a3/O9rFB7G9oA465jWjXA3agKpJAfj D0w/N0N0lWyxMtKysacyc3iejWQHbGKZpCnuNLLrswajA7u5zF+9DreiEYMTWgsE ReTGHVUixXxsqw1iXW0byV5uEdeMJ7OJJm+zYB1TFY8Pu05HgMEC1StF3YEmq86Y xqdEt8vVQ/+TLwxaiEj7FNwyKJ3topJoZJpltt6QzMgX301fuvrO/bQIyxR/N9Sl 0hHN8mp/yguXyHZ02XxKRyqs8VHd9EY5OH5vEJCCF0Abl6OuCAOvuxS+Ts9Ohuhf Fg2H/Ebfevmz+SV2iaJk =Fc9o - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVQ95NRLndAQH1ShLAQL8iw//Uc5P6ywVgHaBmEsXwBBmPIRIUG+KIYI3 krHV4BWf8I221y/dZpUyKrkuD7jTRM+hwCr1KEaavgFejHZhBmVkRNFAkvh4bFwg xDzcSwWFSR1272/Z0UqM/7qe/7HBdilustkTLnseiLu5TVih/zFnZdi3BGKG4JBA U974NXqmky3Hkktf3aa4LHSWHtSxzvdU97aTHkxs4JsV7NW9ycNGQlCzJpDnHJ8R BGaY4bOmqLkCiKnFjx6hGtTmu21G/xOHeJWAluMjyG04kL8BfFeYgIBfqYQNwrPG 14otSl04cZFM4EsP1H6YhgaxY+NtTsDdAnoovgSO1xZXa7e4jaXs3XMjb2gFwPQi 7b5WxRJIyEwRST/OYv1g8KKmJZ2NrRKdX0FSPYCqX+ibO6Bi58+YbSnVTfTAUu7Y nPIgGvI/L08blfSVSOOquVR1iHIXyAAKdxPg2qI9YDpOgGS20f1HYhhTFNVwzblf rEBbBbOhTMzjvs7O8rQ5H6qDlYNTebOOE5EUD9XCIpNuOTaqhj0Uqq96nju4TwvL OTOVVRcXDp8bH6sfnlLweMwVLkGO9ZscbxhIfG68eXVWt49vOd0ur449aR1y0WR5 5S9HrUAPP7NEHfVKk4bsIueP+uRdKJ/CO2zk27jV17ol6LEihlvbdzuPsSm7dSiH qgwvvvxf8No= =T0an -----END PGP SIGNATURE-----