Tuesday, August 27, 2024

[USN-6981-1] Drupal vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEER/Iq56J1QpFyK/CQ9uFA9ts1nlgFAmbOCZUFAwAAAAAACgkQ9uFA9ts1nljQ
Wg//aBa2S3AEt+78u8EnFUmFgn78X/WoLgjTNedvzzIWir9wEwNh3bUCN2TLHNNmS37/5+30tgn2
G/x19j1AAIjfiiAwXAJWITOHwH+7rvCMp4WRnkJLGEtQqsXjN/iBPnvjLmRgE2Jo7GeNNCHow2aS
tEQKMrQnHDsISFBOdN+Z1cmb9Stw/8um5XHs4f7S9ltPmDZ8jYCSmD1m9tA28jt9z189be1+m9Kg
CM3I2KNHXBLRU3WRz+QLzqTKOoIOOWx6BdG2blRKyN3PwOgeZ5Uw262AVHfxZBJ9rpV+C2zM9598
7cRg6bevkTSP4mtWyEMxdWyCxYuh78w7PquOD+GILS+aYs5Ur1t6cc92hSEFmbdUv7rrVG9w4Ei2
6TQCaCnvVN/xzICp3RP/sN4t5hEMOOHW2e7w8/zYvMY7M6v/W+BUUYY39/0b7b8+c0v4yPhwdNEO
j+S1NjpMSoM1gVQeIQy1VhaM/slBox/3T8Hv4KusnenHOdRP9rJVl0SJuphYhoLA+FsWG81BHnHa
j4ltOR+zQN8abXID7sC3Pgl2PlGoL5iwifDlrtyq7HhpyTFnxm9yo8fcqB7YOG+jLuTqwI7Sqy9r
RiCaMFskn5UikfwzjpXZZWI1ABvccd9GKWEkiBAOCwysZzb6vw5j+/zl9rJ0FLIWj0MF0zShzKGr
bGo=
=hg+A
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6981-1
August 27, 2024

drupal7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Drupal could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- drupal7: fully-featured content management framework

Details:

It was discovered that Drupal incorrectly sanitized uploaded filenames. A
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-13671)

It was discovered that Drupal incorrectly sanitized archived filenames. A
remote attacker could possibly use this issue to overwrite arbitrary files,
or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  drupal7                         7.44-1ubuntu1~16.04.0+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6981-1
  CVE-2020-13671, CVE-2020-28948, CVE-2020-28949

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)