| Summary: | drupal new security issues fixed upstream in 7.35 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | olchal, rverschelde, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/637566/ | | |
| Whiteboard: | has_procedure MGA4-64-OK MGA4-32-OK advisory | | |
| Source RPM: | drupal-7.34-1.mga4.src.rpm | CVE: | |
| Status comment: | | | |
|
Description

David Walser
2015-03-20 15:47:25 CET

Testing procedures: https://bugs.mageia.org/show_bug.cgi?id=14298#c6

Whiteboard: (none) => has_procedure

Testing on Mageia4x64 real hardware

From current packages:
---------------------
drupal-7.34-1.mga4

Created a drupal test site with mysql.

To updated packages:
------------------
drupal-7.35-1.mga4
drupal-mysql-7.35-1.mga4
drupal-postgresql-7.35-1.mga4
drupal-sqlite-7.35-1.mga4

# systemctl restart mysqld httpd

With mysql: browsed to the previous drupal site. In section Reports, verified I was running the new version. Made a few alterations, logged out and back in, all OK.
Dropped the drupal test database and user. Created a new site with mysql, verified basic usage. Dropped the drupal test db.
Did the same thing with a postgresql db and an sqlite db. All OK.

CC: (none) => olchal

Debian has issued an advisory for this on March 20:
https://www.debian.org/security/2015/dsa-3200

Still waiting for the second part of the CVE request to get resolved.

David Walser
2015-03-23 18:49:14 CET

URL: (none) => http://lwn.net/Vulnerabilities/637566/

CVE-2015-2749 and CVE-2015-2750 have been assigned, completing the request:
http://openwall.com/lists/oss-security/2015/03/26/4

Advisory:
========================

Updated drupal packages fix security vulnerabilities:

Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password (CVE-2015-2559).

Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities (CVE-2015-2749, CVE-2015-2750).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2750
https://www.drupal.org/SA-CORE-2015-001
https://www.drupal.org/drupal-7.35
https://www.drupal.org/drupal-7.35-release-notes
http://openwall.com/lists/oss-security/2015/03/20/2
http://openwall.com/lists/oss-security/2015/03/26/4

Testing on Mageia4x32 real hardware

From current package:
--------------------
drupal-7.34-1.mga4

Created a new site with mysql. Created an article, uploaded a picture, ...
As I saw in Comment 4 that there was a vulnerability with user accounts, created 2 new users with the 1st administrator account, logged out and in with each new user, adding comments, new articles ...

To updated testing packages:
---------------------------
drupal-7.35-1.mga4
drupal-mysql-7.35-1.mga4

Browsed back to the previous site: http://localhost/drupal
Verified in Reports/Status report that it had updated to the new version.
Logged in and out with each user, created a new one. Edited articles, created new ones. All OK.

Whiteboard: has_procedure MGA4-64-OK => has_procedure MGA4-64-OK MGA4-32-OK

Validating, advisory uploaded. Please push to 4 core/updates.

Keywords: (none) => validated_update

LWN reference for CVE-2015-2749 and CVE-2015-2750: http://lwn.net/Vulnerabilities/638218/

An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0121.html

Status: NEW => RESOLVED
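The open-redirect class named in the advisory above (a redirect parameter that is meant to hold a site-local path but is made to carry an external URL) comes down to validating the destination before redirecting. The following is an added illustration, not code from this bug report or from Drupal: a hypothetical site-local destination validator, with constructed sample values, that rejects explicit schemes, scheme-relative URLs, backslash and percent-encoded disguises, and control characters.

```python
from urllib.parse import urlsplit, unquote


def is_local_destination(dest: str) -> bool:
    """Return True only if dest is a path on this site and safe to redirect to.

    Hypothetical validator written for this example, not Drupal's own
    url_is_external(): anything with a scheme, an authority ("//host"),
    a backslash, edge whitespace or a control character is rejected.
    """
    if not dest:
        return False
    # Several browsers normalise "\" to "/", so "/\evil.example" is really
    # "//evil.example": judge the normalised form.
    candidate = dest.replace("\\", "/")
    # Also judge the percent-decoded form, in case the application decodes
    # the parameter before building the Location header.
    for value in (candidate, unquote(candidate)):
        # Control characters can hide or split a scheme; whitespace at the
        # edges is stripped by browsers, which changes what the URL means.
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            return False
        if value != value.strip():
            return False
        parts = urlsplit(value)
        if parts.scheme or parts.netloc:
            return False  # explicit scheme or host: external URL
        if value.startswith("//"):
            return False  # scheme-relative URL, resolved against another host
        if ":" in parts.path.split("/")[0]:
            return False  # "host:port/..." or a scheme urlsplit did not accept
    return True


def safe_redirect_target(dest: str, fallback: str = "/") -> str:
    """Return dest if it is site-local, otherwise the fallback path."""
    return dest if is_local_destination(dest) else fallback


if __name__ == "__main__":
    # Constructed sample values: local paths are kept, external and
    # disguised-external ones fall back to "/".
    for sample in ("node/1", "http://evil.example/", "//evil.example",
                   "/\\evil.example", "%2F%2Fevil.example"):
        print(repr(sample), "->", safe_redirect_target(sample))
```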