Updated drupal package fixes security vulnerability
Publication date: 04 Nov 2015Modification date: 04 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-7943
Description
The Overlay module in Drupal core displays administrative pages as a layer
over the current page (using JavaScript), rather than replacing the page
in the browser window. The Overlay module does not sufficiently validate
URLs prior to displaying their contents, leading to an open redirect
vulnerability (CVE-2015-7943).
References
- https://bugs.mageia.org/show_bug.cgi?id=16997
- https://www.drupal.org/SA-CORE-2015-004
- https://www.drupal.org/drupal-7.40
- https://www.drupal.org/drupal-7.40-release-notes
- https://www.drupal.org/drupal-7.41
- https://www.drupal.org/drupal-7.41-release-notes
- http://openwall.com/lists/oss-security/2015/10/23/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7943
SRPMS
5/core
- drupal-7.41-1.1.mga5