Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora: 33 2020-fe94df8c34 Critical: drupal7 Cross Site Forgery

fedora
Calendar Grey September 25, 2020
Dist Fedora Esm H88
Discover vital information regarding the significant patch for Drupal 7 on Fedora tackling vulnerabilities associated with cross-site request forgery (CSRF). Take immediate action!
- - [Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004]() / CVE-2020-13663 -

Summary

Equipped with a powerful blend of features, Drupal is a Content Management

System written in PHP that can support a variety of websites ranging from

personal weblogs to large community-driven websites. Drupal is highly

configurable, skinnable, and secure.

- - [Drupal core -Critical - Cross Site Request Forgery - SA-CORE-2020-004]() / CVE-2020-13663 -

* Fri Sep 4 2020 Shawn Iwinski - 7.72-1

- Update to 7.72

- SA-CORE-2020-004/CVE-2020-13663 (RHBZ #1860912, #1860913)

[ 1 ] Bug #1828417 - CVE-2020-11022 drupal7: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1828417

[ 2 ] Bug #1850013 - CVE-2020-11023 drupal7: jQuery: passing HTML containing

https://bugzilla.redhat.com/show_bug.cgi?id=1850013

[ 3 ] Bug #1850023 - CVE-2020-11023 drupal7: jQuery: passing HTML containing

https://bugzilla.redhat.com/show_bug.cgi?id=1850023

[ 4 ] Bug #1860912 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1860912

[ 5 ] Bug #1860913 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1860913

su -c 'dnf upgrade --advisory FEDORA-2020-fe94df8c34' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora critical update cross site forgery drupal7

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 7.72
Release: 1.fc33
URL:
Summary: An open-source content-management platform

Topics%20covered

Topics Covered

security advisory Fedora critical update cross site forgery drupal7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here