{
  "schema_version": "1.7.0",
  "id": "MGASA-2014-0492",
  "published": "2014-11-26T17:29:06Z",
  "modified": "2014-11-26T17:11:49Z",
  "summary": "Updated drupal packages fix security vulnerabilities",
  "details": "Updated drupal packages fix security vulnerability:\n\nAaron Averill discovered that a specially crafted request can give a user\naccess to another user's session, allowing an attacker to hijack a random\nsession (CVE-2014-9015).\n\nMichael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the\npassword hashing API allows an attacker to send specially crafted requests\nresulting in CPU and memory exhaustion. This may lead to the site becoming\nunavailable or unresponsive (denial of service) (CVE-2014-9016).\nanonymous users (CVE-2014-9016).\n",
  "upstream": [
    "CVE-2014-9015",
    "CVE-2014-9016"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0492.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=14614"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/SA-CORE-2014-006"
    },
    {
      "type": "WEB",
      "url": "https://drupal.org/drupal-7.33"
    },
    {
      "type": "WEB",
      "url": "https://drupal.org/drupal-7.33-release-notes"
    },
    {
      "type": "WEB",
      "url": "https://drupal.org/drupal-7.34"
    },
    {
      "type": "WEB",
      "url": "https://drupal.org/drupal-7.34-release-notes"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2014/dsa-3075"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:3",
        "name": "drupal",
        "purl": "pkg:rpm/mageia/drupal?arch=source&distro=mageia-3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.34-1.mga3"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "drupal",
        "purl": "pkg:rpm/mageia/drupal?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.34-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}