| Summary: | drupal new security issue fixed in 7.20 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/541559/ | ||
| Whiteboard: | has_procedure mga2-64-ok mga2-32-ok | ||
| Source RPM: | drupal | CVE: | |
| Status comment: | |||
|
Description
David Walser
2013-03-06 19:48:47 CET
Need an advisory please. Thanks Funda. Advisory: ======================== Updated drupal packages fix security vulnerability: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive (CVE-2013-0316). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0316 http://drupal.org/SA-CORE-2013-002 http://drupal.org/drupal-7.20-release-notes http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099663.html ======================== Updated packages in core/updates_testing: ======================== drupal-7.20-1.mga2 drupal-mysql-7.20-1.mga2 drupal-postgresql-7.20-1.mga2 drupal-sqlite-7.20-1.mga2 from drupal-7.20-1.mga2.src.rpm Testing complete mga2 64 Whiteboard:
has_procedure =>
has_procedure mga2-64-ok Testing mga2 32 Testing complete mga2 32 Validating Advisory and SRPM in comment 3 Could sysadmin please push from core/updates_testing to core/updates Thanks! Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0135 Status:
NEW =>
RESOLVED |