Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Fedora 26 Drupal7 Security: Critical Cross-Site Scripting and Link Issues

fedora
Calendar Grey April 10, 2018
Dist Fedora Esm H88
Updates for Drupal 7 on Fedora significantly bolster defenses against cross-site scripting and external link injections, incorporating essential security patches.
- -

Summary

Equipped with a powerful blend of features, Drupal is a Content Management

System written in PHP that can support a variety of websites ranging from

personal weblogs to large community-driven websites. Drupal is highly

configurable, skinnable, and secure.

- -

[ 1 ] Bug #1548190 - drupal7: drupal: JavaScript cross-site scripting in checkPlain function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548190

[ 2 ] Bug #1547793 - drupal7-7.57 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1547793

[ 3 ] Bug #1548324 - CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal7: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548324

[ 4 ] Bug #1548201 - drupal7: drupal: External link injection on 404 pages when linking to the current page [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548201

[ 5 ] Bug #1548197 - drupal7: drupal: jQuery vulnerability with untrusted domains requests via Ajax [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548197

[ 6 ] Bug #1548195 - drupal7: drupal: Private file access bypass in Drupal private file system [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548195

[ 7 ] Bug #1561801 - drupal7-7.58 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1561801

[ 8 ] Bug #1548191 - drupal7: drupal: JavaScript cross-site scripting in checkPlain function [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548191

[ 9 ] Bug #1548326 - CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal7: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548326

[ 10 ] Bug #1548202 - drupal7: drupal: External link injection on 404 pages when linking to the current page [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548202

[ 11 ] Bug #1548198 - drupal7: drupal: jQuery vulnerability with untrusted domains requests via Ajax [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548198

[ 12 ] Bug #1548194 - drupal7: drupal: Private file access bypass in Drupal private file system [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1548194

su -c 'dnf upgrade drupal7' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory fedora cross-site scripting file access security issues drupal link injection

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 7.58
Release: 1.fc26
URL:
Summary: An open-source content-management platform

Topics%20covered

Topics Covered

security advisory fedora cross-site scripting file access security issues drupal link injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here