Debian LTS: DLA-1797-1: drupal7 security update

    Date: 20 May 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    
    Package        : drupal7
    Version        : 7.32-1+deb8u17
    CVE ID         : CVE-2019-11358 CVE-2019-11831
    Debian Bug     : 927330 928688
    
    Several security vulnerabilities have been discovered in drupal7, a
    PHP web site platform. The vulnerabilities affect the embedded versions
    of the jQuery JavaScript library and the Typo3 Phar Stream Wrapper
    library.
    
    CVE-2019-11358
    
        It was discovered that the jQuery version embedded in Drupal was
        prone to a cross site scripting vulnerability in jQuery.extend().
    
        For additional information, please refer to the upstream advisory
        at https://www.drupal.org/sa-core-2019-006.
    
    CVE-2019-11831
    
        It was discovered that incomplete validation in a Phar processing
        library embedded in Drupal, a fully-featured content management
        framework, could result in information disclosure.
    
        For additional information, please refer to the upstream advisory
        at https://www.drupal.org/sa-core-2019-007.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    7.32-1+deb8u17.
    
    We recommend that you upgrade your drupal7 packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    
    -- 
    Jonas Meurer
    
    
    