Updated drupal packages fix security vulnerability
Publication date: 29 Jun 2017Modification date: 29 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6922
Description
Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files
uploaded by anonymous users into a private file system can be accessed
by other anonymous users leading to an access bypass vulnerability
(CVE-2017-6922).
References
- https://bugs.mageia.org/show_bug.cgi?id=21152
- https://www.drupal.org/SA-CORE-2017-003
- https://www.drupal.org/project/drupal/releases/7.53
- https://www.drupal.org/project/drupal/releases/7.54
- https://www.drupal.org/project/drupal/releases/7.55
- https://www.drupal.org/project/drupal/releases/7.56
- https://www.debian.org/security/2017/dsa-3897
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922
SRPMS
5/core
- drupal-7.56-1.mga5