Debian LTS: DLA-1659-1: drupal7 security update

    Date: 02 Feb 2019
    Category: Debian LTS
    Posted By: Anthony Pell
    
    Package        : drupal7
    Version        : 7.32-1+deb8u14
    CVE ID         : CVE-2019-6339
    
    A remote code execution vulnerability exists in PHP's built-in phar
    stream wrapper when performing file operations on an untrusted phar://
    URI. Some Drupal code (core, contrib, and custom) may be performing
    file operations on insufficiently validated user input, thereby being
    exposed to this vulnerability.
    
    With this update, a new replacement stream wrapper from the TYPO3
    project is used instead of the built-in one.
    
    For Debian 8 "Jessie", this problem has been fixed in version
    7.32-1+deb8u14.
    
    We recommend that you upgrade your drupal7 packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
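
Custom or contrib code that passes user input to file functions can also refuse unexpected schemes before any file operation, which addresses the "insufficiently validated user input" case described above. This is an added example, not code from Drupal, Debian or the TYPO3 wrapper; `uri_scheme()`, `checked_user_uri()` and the allow-list are hypothetical and assume the site only needs Drupal 7's `public://`, `private://` and `temporary://` schemes.

```php
<?php
// Added example: not code from Drupal core, Debian or the TYPO3 wrapper.
// Written without scalar type hints so it runs on PHP 5.6 and later.

// Assumption: the site only needs Drupal 7's standard file schemes.
const ALLOWED_SCHEMES = ['public', 'private', 'temporary'];

/**
 * Returns the lower-cased scheme of a URI, or null when there is none.
 * The match is case-insensitive so that "PHAR://" is seen as "phar".
 */
function uri_scheme($uri)
{
    if (preg_match('#^([a-z][a-z0-9+.\-]*)://#i', $uri, $m) === 1) {
        return strtolower($m[1]);
    }
    return null;
}

/**
 * Hypothetical helper: accept a user-supplied file reference only when its
 * scheme is on the allow-list. Everything else, phar:// included, is
 * rejected before it can reach file_exists(), fopen(), is_dir() and so on.
 */
function checked_user_uri($uri)
{
    $scheme = uri_scheme($uri);
    if ($scheme === null || !in_array($scheme, ALLOWED_SCHEMES, true)) {
        throw new InvalidArgumentException('Rejected file URI: ' . $uri);
    }
    return $uri;
}

// Constructed sample inputs, not taken from the advisory.
$samples = [
    'public://avatars/u1.png',   // allowed scheme
    'phar://uploads/u1.png',     // the wrapper named in the advisory
    'PHAR://uploads/u1.png',     // same wrapper, different case
    '/var/tmp/u1.png',           // plain path, no scheme
];
foreach ($samples as $s) {
    try {
        checked_user_uri($s);
        echo "accept  $s\n";
    } catch (InvalidArgumentException $e) {
        echo "reject  $s\n";
    }
}
```

Only the first sample is accepted. The check covers only the code paths that call it, so it complements the package upgrade rather than replacing it.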
    