Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.3183 drupal7 security update 19 October 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: drupal7 Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Provide Misleading Information -- Remote with User Interaction Unauthorised Access -- Existing Account Resolution: Patch/Upgrade Reference: ESB-2018.3151 Original Bulletin: http://www.debian.org/security/2018/dsa-4323 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4323-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2018 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : drupal7 CVE ID : not yet available Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution or an open redirect. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-006 For the stable distribution (stretch), this problem has been fixed in version 7.52-2+deb9u5. We recommend that you upgrade your drupal7 packages. For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvI9SAACgkQEMKTtsN8 TjaVEw//WZnKiJJBdjlvooNd89L7YYtJRSmGVq7itVYyUwCTQL37JEdPZyNbuhQu PHPtibFXYeab0SJJ50VUjxK4J5AXrf6R5BTIeLDJxAO4LzCXpFSJ6Yyl7ocqJ7EP sYSw607vz7rMCbH/MJGXhIgEG7o79UZKtdoK4hOBOS0xGK4tJa5q/KL6rY1qf7P1 o/EFO6CV78hmid0or4wILtYm+pvHdry1x4v0luEmTMTrVMuiqqQSUdRuJzCFLK/g 3B9nZUsqXQzeiVMQbQlLMLq9B8Sfy+lcFBHQdua6uvW3rAZblc0O1Jp9WMVrdcGh Z7fUFMwOGZF471gB5GvS8ojcYpqsql6odEZNgCcpsEpM9vTVHOpGx/F0T+I8/KMa phNeqOpG5/35LBsjjbXOyXYqpexGjfe6NyO4O4bDVohjRp/1MIyft+o+jTHlIQr9 tUN7z7I6YlV+5EtdKPDLt1VkFAXGPYK18asOkmvrP6gZ/xdyUj545/f1CUlRa5Dx GO1VGKIKrOZjLL7YzoMzRKd+EN/5tnIHt50myJgGrzvRL4LO8n1Vrvac/vrGGDA7 mEvcDRdtvjlAGm4297jTb53CbelqgsoAMhlpBuDOy9CZE12ycj7IkjD8DYE0xzZ1 AXmkbnTu+jCMpL6TcBECyOGhtL1w53cLTz9LDHPgSK/kQc442hc= =I0Nl - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW8kyz2aOgq3Tt24GAQhgohAAhtnMlvrQwXF12fKWFyhRq6OhDEmi//z1 74m3t5DdX0IWLDgy9N2ExgFWgpvZufXrum3I6auYw68hnSB6niM5xSzKXBQfplsE N+RcKFU229c6YAqzeKYU3mWdP+V5lYDeSzF9RAuZgN3+D9/nyGWlz8M0GAmMVmi9 FareF/jN3I4v22ZjvIp1F2u/c69Xl7TYybz1SP4vw3c0jHvYRYWQkJ6SEoYTG6A7 hggg0iM+BsiMY63Hw6rymgmRe4i3G0itsNTVCDOtFgiiyA9HKNUzG5+nImc461TF wtFK1ZsuX0OJW4zyOy4211vVSphQkZfVp5ZsDo0+xVayu79YePHr1zAFWWPDbDnS GBtGHsUYS2waYWbwrjLDm99ziECmn+FQJq2wwJBjsO8PYaFEhUaMxkNIvBPo6xZw NSeZBMivpSbfbKIML/rIOETfF74Q6xAeWBxXXkHqlJ6TrNpvDVUUVbsasoUf7MZW Ljr2MwzahCZpr6ATLTDSJFrUj+pT2Cgw7Yq+lvZEFr/C37isqgQ2m7NMXHS4Zhj1 EXSaMmH2BlZu/4jHXFHa8B9oD9T6UYzTRE81xDv7wKzo3BblhoSsUzuqH7D7Oks4 o4LNvDSHouODPezqWVFSAC1HZeXDjBqdTh0dDj8OyczESdKlPOr4DSCtPORuA8ZR +RpXITyEDD4= =U1mm -----END PGP SIGNATURE-----