Advisories » MGASA-2016-0245

Updated drupal packages fix security vulnerabilities

Publication date: 08 Jul 2016
Modification date: 08 Jul 2016
Type: security
Affected Mageia releases : 5

Description

Updated drupal packages fix security vulnerability:

A vulnerability exists in the User module, where if some specific contributed
or custom code triggers a rebuild of the user profile form, a registered user
can be granted all user roles on the site. This would typically result in the
user gaining administrative access (SA-CORE-2016-002).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18806
• https://www.drupal.org/SA-CORE-2016-002
• https://www.drupal.org/drupal-7.44
• https://www.drupal.org/drupal-7.44-release-notes

SRPMS

5/core

• drupal-7.44-1.mga5