Advisories » MGASA-2014-0329

Updated drupal packages fix security vulnerability

Publication date: 12 Aug 2014
Modification date: 12 Aug 2014
Type: security
Affected Mageia releases : 3 , 4

Description

A denial of service issue exists in Drupal before 7.31, due to XML entity
expansion in a publicly accessible XML-RPC endpoint.

The drupal package has been updated to version 7.31 to fix this issue and
other bugs.  See the upstream advisory and release notes for more details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13876
• https://www.debian.org/security/2014/dsa-2999
• https://www.drupal.org/SA-CORE-2014-004
• https://www.drupal.org/drupal-7.30
• https://www.drupal.org/drupal-7.30-release-notes
• https://www.drupal.org/drupal-7.31
• https://www.drupal.org/drupal-7.31-release-notes

SRPMS

4/core

• drupal-7.31-1.mga4

3/core

• drupal-7.31-1.mga3