-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3183
                          drupal7 security update
                              19 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           drupal7
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account            
                   Provide Misleading Information  -- Remote with User Interaction
                   Unauthorised Access             -- Existing Account            
Resolution:        Patch/Upgrade

Reference:         ESB-2018.3151

Original Bulletin: 
   http://www.debian.org/security/2018/dsa-4323

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4323-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 18, 2018                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : drupal7
CVE ID         : not yet available

Two vulnerabilities were found in Drupal, a fully-featured content
management framework, which could result in arbitrary code execution or
an open redirect. For additional information, please refer to the
upstream advisory at https://www.drupal.org/sa-core-2018-006
For the stable distribution (stretch), this problem has been fixed in
version 7.52-2+deb9u5.

We recommend that you upgrade your drupal7 packages.

For the detailed security status of drupal7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/drupal7

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----