[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 550-1] drupal7 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : drupal7
Version        : 7.14-2+deb7u14
CVE ID         : CVE-2016-6211

It was discovered that there was a vulnerability existed in the user
module in drupal7, a content management framework.

If some specific contributed or custom code triggers a rebuild of the
user profile form, a registered user can be granted all user roles on
the site. This would typically result in the user gaining administrative
access.

For Debian 7 "Wheezy", this issue has been fixed in drupal7 version
7.14-2+deb7u14.

We recommend that you upgrade your drupal7 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXiJSmAAoJEB6VPifUMR5YYX0QALTJoNhWNN9Y2q5Jx+xUf/NS
UNI08O/sKgodpMk4e6/n9j5LV/8ljPXhOzA2sTmqhGh6DvbzI3oU/bpd0a+VMN8D
DwQ9KFZlo0bCzbE8Z8NfpIWxNE57xFsk58PvivMEtWu6drvmaszVGDS6izBAjQln
Dj6rpV2FJQxq35X8EfB+RtANfHeHWsPUIcwOcUzbpxMZrlCFU7/ftenT68wINPEg
G42wUgOwIXlgHaYa9ZiTUYCkbIPnV9pHc+LuV68o6Zrh4hf2qumEWIwzUj1OjLih
mhtIJqd0EUABvo8AC9aRlQsbMENCP/VLXiRWrGVKCFmEuX67kaTeVpOzCymx1q71
/LOmBFbKnBeJFrKrmV80oHJvtyPtZVqCKtwnQmciA/G/2suGQrVfVGqfzzqCYCu/
fg1OK+QdKVLCmbhEQoErL10Ldp19ht+1e2hj5/xx41JclYrM7Rb576X2badcNHwj
8Sst7bxvkPlff5TRCXkoiupFmUwh7tr9PF+50HTFJo6/9gLSgMTLm/n/fsCqMJSf
vrkK+NNR82/Uy9OTOJFqzfNRNcai7RCvYkUZgbhegd1puJ/RsubfJuV5xWmIbn/X
/betCiRhi+7YWbFxO0UwRF9G/1fn3cKpnkHuQKLi1X2ciFpCmcl08PUjunM+oYLg
MVblnSOSBaUu7KEVEY4W
=SU/V
-----END PGP SIGNATURE-----


Reply to: