===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2018.0557
drupal7 security update
26 February 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           drupal7
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
Impact/Access:     Increased Privileges           -- Existing Account
                   Cross-site Scripting           -- Existing Account
                   Access Confidential Data       -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-6926 CVE-2017-6932 CVE-2017-6931
                   CVE-2017-6930 CVE-2017-6929 CVE-2017-6928
                   CVE-2017-6927
Reference:         ESB-2018.0538

Original Bulletin:
   http://www.debian.org/security/2018/dsa-4123
   https://www.drupal.org/sa-core-2018-001

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4123-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 24, 2018                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : drupal7
CVE ID         : not yet available
Debian Bug     : 891154 891153 891152 891150

Multiple vulnerabilities have been found in the Drupal content management
framework. For additional information, please refer to the upstream
advisory at https://www.drupal.org/sa-core-2018-001

For the oldstable distribution (jessie), this problem has been fixed
in version 7.32-1+deb8u10.

For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u2.

We recommend that you upgrade your drupal7 packages.

For the detailed security status of drupal7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/drupal7

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================