Updated drupal packages fix security vulnerability
Publication date: 07 Dec 2016Modification date: 07 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9449 , CVE-2016-9451
Description
Inconsistent name for term access query; information on taxonomy terms
might have been disclosed to unprivileged users (CVE-2016-9449).
Confirmation forms allow external URLs to be injected (CVE-2016-9451).
References
- https://bugs.mageia.org/show_bug.cgi?id=19812
- https://www.drupal.org/SA-CORE-2016-005
- https://www.drupal.org/drupal-7.45
- https://www.drupal.org/drupal-7.45-release-notes
- https://www.drupal.org/drupal-7.46
- https://www.drupal.org/drupal-7.46-release-notes
- https://www.drupal.org/drupal-7.47
- https://www.drupal.org/drupal-7.47-release-notes
- https://www.drupal.org/drupal-7.48
- https://www.drupal.org/drupal-7.48-release-notes
- https://www.drupal.org/drupal-7.49
- https://www.drupal.org/drupal-7.49-release-notes
- https://www.drupal.org/drupal-7.50
- https://www.drupal.org/drupal-7.50-release-notes
- https://www.drupal.org/drupal-7.51
- https://www.drupal.org/drupal-7.51-release-notes
- https://www.drupal.org/drupal-7.52
- https://www.drupal.org/drupal-7.52-release-notes
- http://openwall.com/lists/oss-security/2016/11/18/16
- https://lwn.net/Vulnerabilities/707038/
- https://lwn.net/Vulnerabilities/707041/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9449
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9451
SRPMS
5/core
- drupal-7.52-1.mga5