Updated drupal package fixes security vulnerability
Publication date: 01 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases: 4, 5
CVE: CVE-2015-3231, CVE-2015-3232, CVE-2015-3233, CVE-2015-3234
Description
Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users (CVE-2015-3231). A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites (CVE-2015-3232). Due to insufficient URL validation, the Overlay module could be used to redirect users to malicious sites (CVE-2015-3233). The OpenID module allowed an attacker to log in as other users, including administrators (CVE-2015-3234).
References
- https://bugs.mageia.org/show_bug.cgi?id=16147
- https://www.drupal.org/SA-CORE-2015-002
- https://www.drupal.org/drupal-7.36
- https://www.drupal.org/drupal-7.36-release-notes
- https://www.drupal.org/drupal-7.37
- https://www.drupal.org/drupal-7.37-release-notes
- https://www.drupal.org/drupal-7.38
- https://www.drupal.org/drupal-7.38-release-notes
- https://www.debian.org/security/2015/dsa-3291
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3231
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3232
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3234
SRPMS
4/core
- drupal-7.38-1.mga4
5/core
- drupal-7.38-1.mga5